The  computer  as  social  conscience 

Georgia Tech's Computing for Good project, which monitors the safety of blood supplies in African nations, is just one example of a growing interest in what's often called computing for a cause. Page 9.


The  year  in  cybercrime 

Malware  madness  and  spammers 
in  the  slammer.  Page  20. 


Stately  approach 
Arizona, Indiana favoring centralized approach to IT security. Page 8.


All-star  team  boosts 
DNS  security 

Seven leading domain name vendors — representing more than 112 million domain names — have formed a coalition to adopt DNS Security Extensions. Page 10.


Our  security 
prognosticator 

Network World columnist Andreas Antonopoulos finds that his security industry predictions for 2008 were better than a coin toss, and certainly better than his stock predictions. Page 17.


HP  has  money  on 
its  mind 

Management software, licensing plans rolled out with economy in mind. Page 18.


Cisco plans data center product overhaul

BY  JIM  DUFFY 

SAN JOSE — Cisco has a number of significant product introductions on tap for 2009 as the company continues to morph from a pure networking player into an overall IT supplier.

Expected next year are internally developed data center blade servers and a new release of the company’s unified communications software for intercompany collaboration. The firm also committed to improving energy-efficiency across its switching portfolio.

The product launches are intended to buttress Cisco’s strategy to become not just the leading network vendor to corporations and service providers but also the leading supplier of overall IT architectures to these constituencies.

“The network will enable all forms of communication and IT,” said Cisco CEO John Chambers during his keynote address at the company’s annual C-Scape analyst conference last week. “IT is not enabling our strategy, it is our strategy.”

Perhaps  the  most  important 

See  Cisco,  page  36 
Private clouds bring IT mgmt challenges

BY JON BRODKIN

Corporate IT shops are starting to embrace the notion of building private clouds, modeling their infrastructure after such public service providers as Amazon.com and Google.

But while virtualization and other technologies exist to create computing pools that can allocate processing power, storage and applications on demand, the technology to manage those distributed resources as a whole is still in its early stages.

The corporations building their own private clouds include such notable names as Bechtel, Deutsche Bank, Morgan Stanley, Merrill Lynch and BT, according to The 451 Group. The research firm found in a survey of 1,300 corporate software buyers that about 11% of companies are deploying internal clouds or planning to do so. That

See  Cloud,  page  14 
PLANS TO DEPLOY INTERNAL CLOUDS

451 GROUP SURVEY OF 1,300 CORPORATE SOFTWARE BUYERS

Already deploy: 4%
Plan to deploy in next 6 months: 1%
Will deploy in 7 to 12 months: 2%
Will deploy more than a year from now: 4%
Have no plans to deploy: 84%
No answer: 5%


Token  resistance 

Complex biometrics and hardware-based tokens fail to win widespread acceptance, while less obtrusive authentication methods gain traction. Page 28.

“Our retail customers are resistant to being forced to keep track of yet another thing,” says Jamie Asnfield, Bank of America's senior vice president of e-commerce security strategy and development.


8 Fighting security battles locally.

9 College computer course blends tech, compassion.

10 Domain vendors tackle DNS security.

17 Opinion Andreas Antonopoulos: How security predictions fared in a volatile year.

18 Sun revisits cloud computing.

18 HP gets cost-conscious with management software.

20 The year in cybercrime.

22 Opinion James Kobielus: Cloud computing in a bubble economy.

38 Opinion Layer 8: The ultimate artificial intelligence wizard?


COOL TOOLS

■ My DVR Expander is a 500GB external hard drive that provides additional storage to digital video recorders. See Cool Tools, page 26.


SERVICE PROVIDERS

16 Opinion Johna Till Johnson: Internet architecture: Not logical, captain!

23 Opinion Scott Bradner: Bashing Google: for fun or for profit?

38 Opinion BackSpin: The G1 and Google's Evil Quotient.

TECH UPDATE

24 Document capture, routing benefits.

26 Mark Gibbs: Migrating MapPoint Pushpins.

26 Keith Shaw: Expand your DVR; clean up your PC.
GOOD BAD UGLY

Open Handset Alliance catching on

Fourteen new companies including Sony Ericsson have joined the Open Handset Alliance, the group backing Google’s Android mobile operating system. The number of companies in the alliance now totals 47.


Don’t mean to be critical, but . . .

Microsoft last Tuesday released its final eight patches of 2008, which address 28 vulnerabilities including a critical flaw in the new search component in Vista and Windows Server 2008. Six of the eight were listed as “critical” and the final two were rated “important.” The final total of patches for the year was 77.


FCC chair in hot seat

The U.S. House Committee on Energy and Commerce issued a blistering report alleging that FCC Chairman Kevin Martin manipulated data in an effort to enable the commission to regulate cable television companies. The biggest allegation in the report is that Martin allegedly instructed his staff to rewrite a previously issued report on “a la carte” cable offerings within weeks of becoming FCC chairman in March 2005.


PULL 


A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 


Would  you  be  crushed  if  Nortel  filed 
for  bankruptcy  protection? 


Total  voters  for  this  poll:  445 

Vote and discuss: www.nwdocfinder.com/7957


PEERSAY 


Have regulations really increased security?

Re: Financial crisis and transparency good for network security (www.nwdocfinder.com/7925):

Aside from the political point that the financial markets were already very heavily regulated — so I don’t see how one can claim the recent fiasco is due to lack of regulation — here’s what jumps out at me here.

Where are the data for this claim that regulatory compliance has increased security? I don’t think there are any.

What are the numbers on compromises and breaches before and after [the Sarbanes-Oxley Act], etc.? More intrusion-prevention systems deployed, more log aggregation doesn’t mean anything without a success metric to which to refer. Do programs like this have any effect other than satisfy auditors? Or, how many organizations have suffered a loss due to noncompliance? Meaning HIPAA fines or [Payment Card Industry] or SOX penalties.

I work in a healthcare organization, and I can say that for the most part, HIPAA has zero effect. There are no teeth in it so it isn’t a consideration. The only people who mention it are vendors trying to sell compliance-related products.

Jeff Martin

Discuss  at  www.nwdocfinder.com/7925 

IPv6  as  national-security  issue 

Re: Survey: U.S. foot-dragging on IPv6 setting country back (www.nwdocfinder.com/7926):

IPv6 is as strategic to the well-being of the United States as the financial market bailout. The U.S. military has already realized this at a high level by requiring agencies to at least have tested IPv6.

This body of knowledge will spill into the commercial markets, eventually creating a pool of knowledgeable experts. Unfortunately this is not enough to handle this type of technology advancement. This is the strategy employed during the Internet boom, and unfortunately this is too slow a method.

Well, assume this: China, Europe and the rest of the world gain a strong understanding of IPv6 technologies; those technologies then are transferred into information-assurance knowledge, which directly affects the abilities of the United States to respond to cyberattacks.

According to many the United States is in a default state of economic or cyberwar with China. To win that war, the United States must have superior knowledge.

Yes, I am biased: I work for one of the players in IPv6. But in this view and as a patriot, I see only one solution: Deploy IPv6 before we lose both our money and our knowledge! Let’s hope that the next administration will take the good advice from the previous administration and continue IPv6 deployment and research.

Matthew  FCaldwell 

Discuss  at  www.nwdocfinder.com/7927 

iEnterprise 

Re: Smartphone showdown: iPhone vs. BlackBerry Storm (www.nwdocfinder.com/7928):

The iPhone is the device best adapted to the changing state of the enterprise — more people are working at or from home, and mixing work with personal matters.

The concept of lifestyle — whether it concerns work, entertainment, privacy or research — is changing with the advent of increased mobile communications. The BlackBerry is still hooked into traditional paradigms — the lack of Wi-Fi is a classic gotcha, forcing people down old-style, carrier-dictated and expensive modes of communication. BlackBerry will have Wi-Fi within one year, but it will be too late.

Just as the Internet broke open the monopolies in the distribution of news and information, so shall the iPhone and similar devices break open the barriers to communicating that information. Watch it happen.

Dave  Noble 

Discuss  at  www.nwdocfinder.com/7928 
How Vista uses more energy

Re: Microsoft: Vista saves world one car at a time (www.nwdocfinder.com/7929):

Vista requires more memory than XP. More memory in my notebook computer requires more power, so my battery wouldn’t last as long. Ungreen. I could compensate with a bigger battery, but then I’d need to eat more Subway BLTs to have the energy to haul around a heavier computer. More ungreen.

John  Gorentz 

Discuss  at  www.nwdocfinder.com/7929 
■ Sony hit with $1 million penalty over underage online privacy violations. The Layer 8 blog reports: "It really isn't a big enough penalty and the company admitted no guilt but Sony BMG Music Entertainment agreed to pay $1 million as part of a settlement to resolve Federal Trade Commission charges that it knowingly violated the privacy rights of over 30,000 underage children. Specifically the FTC said the company violated the agency's Children's Online Privacy Protection Act and the FTC did say the penalty was its largest ever in a COPPA case." www.nwdocfinder.com/7933

■ 5G wireless: don't get your hopes up. Craig Mathias writes in his Nearpoints blog: "I'm giving a talk for the Boston Chapter of the IEEE Communications Society on the subject of 4G and Beyond. My intent here is an analyst's-eye-view of 3G, why we need to move to 4G (or do we?), and what 5G might look like — if it materializes at all. In doing the research for this talk, I came to a number of interesting conclusions, not the least of which is that 5G might not be necessary or even possible." www.nwdocfinder.com/7934

■ Invention uses wireless to jam teen drivers' cell phones. The Alpha Doggs blog reports: "University of Utah researchers have invented technology that could come to be embraced by teenagers with the same enthusiasm they have for curfews and ID checks. And like those things, it could save their lives. Key2SafeDriving technology uses RFID or Bluetooth wireless capabilities to issue signals from car keys to cell phones to prevent drivers from talking on their phones or texting while driving. Some research shows that as many as 1 in 10 teen drivers are talking on cell phones or texting while driving at any time, and the possible consequences of such ill-advised multitasking have grabbed many a headline in recent years." www.nwdocfinder.com/7935

■ Why are entrepreneurs joining Microsoft? Mitchell Ashley writes in his Converging on Microsoft blog: "Microsoft is far from perfect but I like a lot of what I'm seeing from them these days. Ozzie's attracting some very good talent from outside the company, most notably talent like Identity 2.0 dude Dick Hardt who just announced on his blog he's leaving for Redmond. Identity management seems to be one area Microsoft's not been afraid to let others innovate outside the company and work hard on bringing in the talent." www.nwdocfinder.com/7936


Supercomputer is super-fast

We take a look inside Tsubame, Japan's second fastest supercomputer.

www.nwdocfinder.com/7939


Obama: No child left offline

U.S. President-elect Barack Obama has outlined a plan to give every child in the United States.

www.nwdocfinder.com/7940


The Medical Phone?

A U.K.-based mobile phone maker plans to start selling in 2009 a novel smartphone originally built for the British military.

www.nwdocfinder.com/7941
Is wireless changing our DNA?


Wireless: A number of readers have written during the past several months to voice concerns about the effect of wireless signals on human health. This topic continues to grow hotter as high-power 802.11n networks emerge and industry suppliers push the concept of the “all-wireless enterprise” — a phrase that conjures up visions of our bodies getting zapped with wireless signals all day long. Many of us in the U.S. look to the Federal Communications Commission for guidelines about such topics, including what is a safe density of access points (APs) to deploy and the amount of RF tolerance a person can tolerate safely. However, the FCC doesn’t really take a strong stand on this issue. The FCC does consider and test the wireless radios within portable devices, such as tablets, single-mode and dual-mode phones, which are used in very close contact with the human body. The commission as yet has no such detailed tests for APs and Wi-Fi-enabled laptops, because it considers the distances between the equipment and an end user to be comparatively high.

www.nwdocfinder.com/7930

Tech exec: In a campus computer science lab, students are doing research and development on advanced cybersecurity technologies. Professors and technical advisors are helping to commercialize the results of the R&D, intent on creating viable digital security products. Experienced business leaders are nurturing the budding companies that will bring the new solutions to market. Venture capitalists and angel investors are sniffing around for their next big opportunity. And the state government and the U.S. Department of Defense are solidly behind the efforts to make this new incubator, and the Institute for Cyber Security (ICS) as a whole, successful. If this sounds like your typical Silicon Valley university research center and technology incubator, think again. This isn’t Stanford University or University of California at Santa Cruz, or any of the other schools in the shadows of the tech giants. In fact, this brand new cyber security center isn’t in Silicon Valley at all. Instead, it’s deep in the heart of . . . Texas.
www.nwdocfinder.com/7931

Branch office: One of the most common practical implications of a downward spiraling economy is the “travel freeze.” Those growing weary of hopping on planes, eating room service, and living out of a suitcase may welcome the change. But it doesn’t take long for reality to set in: The lack of in-person visits — particularly for virtual workers — can affect productivity, sales success, and customer satisfaction. In the past, companies turned to videoconferencing. We will see a surge in videoconferencing. But we also will see a surge in social networking — with sites such as Facebook, Myspace, Flickr, Twitter, LinkedIn, and YouTube keeping people connected.
www.nwdocfinder.com/7932
Nortel mulls bankruptcy

Nortel has hired lawyers to consider whether it should seek bankruptcy protection, but the company says it has made no decision to do so. It will instead follow the restructuring and cost-cutting plan devised last month, which includes plans for selling its metro Ethernet unit and getting rid of facilities. “On Nov. 10, we put in place an aggressive plan to bring down costs by $400 million with a minimum level of cash outlay. The goals we laid out on Nov. 10 have not changed,” the company said last week in response to a Wall Street Journal story that the company was seeking legal advice to explore bankruptcy. In that story, a Nortel spokesman is quoted as saying no bankruptcy filing is imminent. Nortel’s statement to Network World does not deny that it sought advice on bankruptcy. The company says, “Nortel is a viable partner for the long term. We have no debt maturity until 2011, and we are preserving and strengthening our case position.”

www.nwdocfinder.com/7942

Microsoft: IE7 browser vulnerability also affects IE5, IE6. An unpatched vulnerability found in Internet Explorer 7 also affects older versions of the browser, as well as the latest beta version, Microsoft warned. The new information widens the pool of users who could be at risk of inadvertently becoming infected with malicious software installed on their PC, because Microsoft does not have a patch ready yet. In an advisory updated last Thursday, Microsoft confirmed that IE 5.01 with Service Pack 4, IE6 with and without SP1, and IE8 Beta 2 on all versions of the Windows operating system are potentially vulnerable. Also vulnerable are users running IE7 on Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Windows Vista with and without SP1, and Windows Server 2008. Microsoft said it has seen only limited attacks targeting the flaw in IE7. However, security analysts have said it appears an increasing number of Web sites are being built that can exploit the vulnerability. The problem is particularly severe because in some cases users merely have to view a Web site for a Trojan horse program to be downloaded automatically to their machine.
www.nwdocfinder.com/7943

$41 billion deal to buy Bell Canada collapses. A $41 billion deal to buy Bell Canada — what was once billed as the largest leveraged buyout ever — collapsed last week after failing a solvency test. The companies involved in buying Bell Canada, including the Ontario Teacher’s Pension Plan and Merrill Lynch Global Private Equity, issued a joint statement terminating the deal after receiving the solvency opinion from KPMG, which was enlisted as part of the agreement to evaluate the transaction. KPMG ruled that if the deal were to go through, it would result in an insolvent entity, or one unable to pay off its debts. The purchasers said they will not have to pay a $1.2 billion termination fee because of the circumstances of the cancellation, nor do they expect to be paid a similar fee by Bell Canada.

www.nwdocfinder.com/7944

Gartner lowers worldwide software spending forecast. Gartner has lowered its worldwide enterprise software spending forecast, citing “a combination of economic, technical and regional forces.” The analyst firm said 2008 spending will total $229.2 billion, instead of the $231.2 billion it predicted in September. For the upcoming year, software spending will jump by 6.6% to $244.3 billion, down from Gartner’s previous forecast of 9.5% growth. Some technologies will fare better than others, Gartner said. For example, the dismal economy will cause companies to delay or even cancel service-oriented architecture projects for now, and those plans will be slow to resurface. But software aimed at optimizing how organizations are run, such as business process management and master data management, will fare better. Enterprises seeking to cut costs also will be drawn to open source software, virtualization technologies, unified messaging and collaboration technologies, Gartner said.
www.nwdocfinder.com/7945

Mozilla security chief calls it quits. Window Snyder, the head of security at Mozilla, will resign her position at the end of the year, she wrote in a blog post last week. Snyder, who has the kooky job title of “chief security something-or-other,” is in charge of improving security in the Firefox Web browser and other Mozilla projects. She isn’t yet saying publicly what she plans to do next. A source familiar with her plans said she is going to work at a start-up company. Snyder joined Mozilla in September 2006 from Microsoft, where she was a security strategist and worked on Microsoft’s security-focused Windows XP Service Pack 2 update.
www.nwdocfinder.com/7946


Broadcom combines 802.11n Wi-Fi, Bluetooth, FM radio on one chip. Broadcom unveiled a chip that packages 802.11n, enhanced data rate Bluetooth and FM radio for mobile phones. The new BCM4329 is the first Broadcom product to support high-throughput 802.11n Wi-Fi on handsets. The 65-nanometer chip supports 802.11n in both the 2.4GHz and 5GHz bands, and can run on both simultaneously. The chip’s Wi-Fi performance maxes out at 50Mbps of wireless throughput, according to the vendor. That’s still nearly twice the throughput of 802.11a or 802.11g Wi-Fi. It supports Bluetooth data rates of 1M, 2M and 3Mbps, and uses Broadcom algorithms to allow Bluetooth and Wi-Fi to operate at the same time in the 2.4GHz band. The chip supports FM transmission, enabling the chip to stream music between devices; and FM reception, enabling a handset to work as a standard FM radio.
www.nwdocfinder.com/7947

Embotics grabs $4 million in VC cash. Virtualization management software maker Embotics garnered $4 million in a Series B round of financing led by Canada’s Covington Capital. Embotics, also a Canadian company, intends to put the additional cash toward building its server virtualization management technology and expanding global sales and operations. Embotics’ flagship V-Commander software, which became available in December 2007, provides centralized policy-based management for virtual machines. The software can track each virtual machine throughout its life cycle, and associates specific policies around access, authorization and end of life with each virtual machine.
www.nwdocfinder.com/7948
Fighting security battles locally


BY ELLEN MESSMER

A look at security projects in places such as Arizona, Indiana and Florida reveals that state and local governments are worrying as much as any business enterprise about protecting the sensitive data they hold.

Arizona’s government last year decided to create state-level positions for both CISO and chief privacy officer (CPO), after the Federal Trade Commission ranked Arizona first among states in identity theft (though the exact reason wasn’t cited). After the state passed legislation for more oversight, David VanderNaalt, named CISO, began working with Mary Beth Joublanc, the state’s CPO, in the newly created Statewide Information Security & Privacy Office at the Statewide Information Technology Agency.

“This is an oversight agency,” says VanderNaalt, formerly CISO for the city of New York for eight years.

VanderNaalt and Joublanc report directly to Arizona’s governor and others about whether dozens of state agencies are complying with state legislation requiring agencies to report security incidents.

“In my role I see we have 100 different business models,” VanderNaalt says about Arizona’s dozens of agencies and their departmental activities. Many agencies collect data about security incidents, but there has to be a centralized way to automate collection from technical sources in addition to manual reports, he says.

Just last month, for example, to comply with state law, Arizona’s Department of Economic Security had to notify the families of about 40,000 children that their personal data may have been compromised following the theft of hard drives from a storage facility.

VanderNaalt says one approach he’s testing at the agencies is a tool from Agiliance called RiskVision that reports and tracks incidents statewide, though he adds when it comes to identity theft, the private sector is likely to be at least as big a source of the problem.

The purpose of the security and privacy office is to tackle wider concerns as well, including major online attacks, to respond with as complete a picture as Arizona’s government can muster.

To do that, VanderNaalt knows he needs the trust from Arizona’s employees. “We’re trying to position ourselves that reporting is a good thing, and you will get help,” he says. The oversight agency also will be assessing agency practices and technologies with an eye to identifying statewide approaches to safeguarding data security and privacy.

“We’re trying to position ourselves that [security incident] reporting is a good thing, and you will get help.”
David VanderNaalt, CISO, state of Arizona

Securing Indiana

Indiana already has adopted a centralized approach to IT and security and it appears to be working well, according to Paul Baltzell, director of distributed services. His department is responsible for desktops used across state agencies.

Four  years  ago,  Gov.  Mitch  Daniels,  annoyed 
that  even  the  state’s  e-mail  systems  weren’t 
fully  connected  (although  its  state  WAN  was), 
decided  there  should  be  a  state-level  CIO 
office  defining  infrastructure  requirements, 
including  security  policies. 

Indiana’s  IT  centralization  effort  has  had 
some  pushback,  Baltzell  acknowledges,  not¬ 
ing  that  it  resulted  in  about  a  40%  staff 
reduction  in  some  IT  functional  areas.  By 
centralizing,  however,  the  state  government 
now  benefits  from  volume  discounts  for  IT 
acquisitions,  including  security  procure¬ 
ments,  he  says. 

As  part  of  a  recent  state-level  acquisition  of 
McAfee  antivirus,  intrusion-prevention  and 
other  security  gear,  Indiana  licensed  McAfee’s 
Endpoint  Encryption  software,  which  it’s 
deploying  on  about  10,000  laptops  and  other 
mobile  devices. 

“One bad security breach and you’ve lost all
credibility,” Baltzell says, adding that trying to
achieve this wide a rollout of desktop encryption
would have been much more difficult
without a centralized statewide mandate.

Baltzell  also  is  enjoying  success  with  Intel’s 
vPro,  now  used  in  6,000  of  Indiana’s  state- 
agency  desktops  for  remote  management  of 
them  “even  if  it’s  blue-screened,”  he  says. 

“We have offices all over the state, and my
techs have to get in the car if they can’t fix
something remotely,” Baltzell says. VPro has
greatly simplified remote management, and
Baltzell hopes security vendors will work with
Intel to explore some of the potential it offers
in malware defense.

Security  at  the  local  level 

City  governments  also  take  on  ambitious 
security  projects,  and  find  it  can  take  a  sub¬ 
stantial  effort  to  put  centrally  mandated  IT 
governance  policies  in  place  just  for  city 
agencies. 


“A key one we had is software installation
and a computer-use policy spelling out the
rules of engagement,” says Nelson Martinez,
systems support manager for Florida’s city
of Miami Beach, which has about 2,000
employees using computers.

Establishing  a  citywide  computer-use  policy 
entailed  individual  meetings  with  city  agen¬ 
cies  and  five  unions  including  the  police  and 
fire  unions  and  their  lawyers  to  discuss  the 
policy  and  how  violations  would  be  handled. 

“It all went faster than I thought it would,”
Martinez says, noting each group voiced
issues  about  how  reprimands  or  punishments 
might  be  applied.  In  the  end,  it  was  made 
clear  that  the  IT  department  might  provide 
information  about  blatant  violations  of  IT  pol¬ 
icy  —  for  instance,  “no  chat,  no  instant  mes¬ 
saging,  no  adding  in  unofficial  software 
except  with  permission” —  but  it’s  up  to  high- 
level  city  management  to  handle  the  reper¬ 
cussions,  he  says. 

For  endpoint  enforcement  on  employee 
computers,  the  city  is  using  eEye  Digital’s 
Blink,  which  prevents  malware  from  execut¬ 
ing  and  blocks  unauthorized  applications. 
“I’m trying to keep them out of trouble,”
Martinez says. “People are always trying to test
the boundaries.”

One  of  the  most  ambitious  projects  the 
city  is  undertaking  now  is  single-sign-on 
(SSO)  authentication  using  fingerprint  bio¬ 
metrics  for  authentication  to  attain  a  higher 
security  level  than  simple  passwords  can, 
Martinez  says.  ■ 


InBrief 


RIM  moves  to  acquire  two 
companies 

Research  In  Motion  hopes  to  add  a  content 
delivery  platform  to  its  offerings  with  a 
planned  $18  million  acquisition  of  Chalk 
Media,  announced  last  week.  Chalk's  Mobile 
chalkboard  allows  users,  such  as  an  enter¬ 
prise,  to  push  content  including  text,  graph¬ 
ics,  video  and  audio  out  to  BlackBerry 
users.  Chalkboard  lets  administrators  track 
use  of  the  content,  which  can  be  encrypted 
and  prevented  from  being  forwarded  or 
copied.  News  of  the  Chalk  acquisition  came 
one  day  after  RIM  announced  it  has  made  a 
hostile  takeover  bid  for  security  vendor 
Certicom.  If  RIM  is  successful,  Certicom's 
Elliptic  Curve  Cryptography  technology 
would  help  RIM  target  companies  and  gov¬ 
ernment  agencies  with  very  high  security 
requirements. 
College computer course blends tech, compassion


BY  JOHN  COX 

It  wasn’t  your  typical  computer  science  prob¬ 
lem  that  caught  the  attention  of  two  Ph.D.  candi¬ 
dates  at  Georgia  Tech’s  College  of  Computing.  It 
was  more  of  a  life-or-death  problem:  monitoring 
the  safety  of  blood  supplies  in  African  nations 
ravaged  by  HIV  and  AIDS. 

And  the  fact  that  it  caught  anyone’s  attention  is 
due  in  large  part  to  the  college’s  recently 
launched  Computing  for  Good  project, known  as 
C4G.  It’s  a  course  that  encourages  Georgia  Tech 
students  and  faculty  to  look  at  how  computer 
technology  can  be  applied  to  improve  —  and 
even  save  —  lives. 

The C4G course was sparked by a faculty presentation
in the fall of 2007 by its lead advocate,
Santosh Vempala, distinguished professor of
computing at the college’s School of Computer
Science. In spring 2008, 17 Georgia Tech students
signed up for the first C4G course, breaking up
into teams to work on seven projects as close as
the school’s home in downtown Atlanta and as
far away as Africa. It was taught by Vempala, assistant
professor Michael Best, of the School of International
Affairs, School of Computer Science
Chair and Professor Ellen Zegura.

Solving the world's problems

Georgia Tech’s inaugural Computing
for Good (C4G) course in spring
2008 tackled a wide range of student
projects besides the blood monitoring
Web application, including:

• Creating a Web portal and learning
application for 15 idle laptops in a summer
and after-school program for children,
parents and teachers in one of
Atlanta's lower-income neighborhoods.

• Replacing a paper/pencil/cell phone
“system” used by United Way staffers
to allocate beds for the homeless at
shelters in Atlanta with a computerized,
easily searchable database.
Staffers can sift quickly through the
inventory of available beds, based on a
range of specific criteria for each individual:
gender, family situation and
health status, for example.

• Laying the groundwork for a
system based on mobile phones that
lets veterinarians in Uganda and
Ghana report cases of bird flu to animal
health officials.

The  Georgia  Tech  course  is  just  one  example  of 
a  growing  interest  in  what’s  often  called  comput¬ 
ing  for  a  cause  or  socially  relevant  computing.  As 
one  paper, by  researchers  from  State  University  of 
New  York  in  Buffalo,  Rice  University  and 
Microsoft  Research,  put  it:  “It  presents  computer 
science  as  a  cutting-edge  technological  disci¬ 
pline  that  empowers  [students]  to  solve  prob¬ 
lems  of  personal  interest... as  well  as  problems 
that  are  important  to  society  at  large. ...” 

Keeping  blood  safe 

The Web tool for blood safety monitoring is
one of the latter. In a few weeks, it will go live in
14 African countries. The idea was to create an
easy-to-use Web application that could be used
by public health staff in Africa to monitor the
safety of national blood supplies. The problem is
especially critical in nations where HIV and AIDS
infections are epidemic.

The  need  for  such  an  application  came  to 
Vempala’s  attention  last  year,  when  he  talked 
with  John  Pitman,  a  public  health  adviser  with 
the  Global  AIDS  Program  at  the  Centers  for 
Disease  Control  and  Prevention  (CDC)  in 
Atlanta,  who  had  created  an  Excel-based 
spreadsheet  that  public  health  staff  could  use  to 
report  quarterly  on  about  80  data  points  that 
were indicators of blood safety.

But  there  were  obvious  problems.  Staff  needed 
to  know  Excel  and  have  it  loaded  on  a  local 
computer. With  separate  applications  running  on 
PCs,  aggregating  and  sifting  data  from  different 
locations  was  awkward,  inconsistent  and  time- 
consuming.  As  a  result,  getting  local  staff  to  use 
the  spreadsheet  consistently,  or  even  at  all,  was  a 
struggle.  Pitman  and  Vempala  thought  a  Web- 
based  application  could  change  all  this. 

The problem and the project appealed to two
Ph.D. candidates in the C4G course, Adebola
(“Bola”) Osuntogun, originally from Nigeria, and
Stephen Thomas, both of whom had heard Pitman’s
presentation. Putting their skills to practical
work and seeing lasting results that would benefit
someone other than researchers was a big part
of the attraction. “It seemed a way to do something
that was not purely academic,” Thomas says.
“We’d be improving the quality of life.”

Vempala  was  the  third  member  of  the  team, 
acting  as  faculty  adviser.  Osuntogun  and  Thomas 
quickly  sketched  out  a  design,  based  on  the  data 
in  Pitman’s  original  Excel  spreadsheet,  for  a  Web- 
hosted  application,  accessed  via  a  browser  over 
low-bandwidth  connections.  Initially,  they 
assumed  local  computing  resources  would  be 
minimal. The  back-end  application  was  based 

See  C4G,  page  22 
Domain vendors tackle DNS security


BY  CAROLYN  DUFFY  MARSAN 

Momentum  continues  to  build  for  rapid  de¬ 
ployment  of  DNS  encryption  mechanisms. 

Seven  leading  domain  name  vendors  —  rep¬ 
resenting  112.5  million  domain  names  or  65% 
of  all  registered  domain  names  —  last  week 
formed  an  industry  coalition  to  work  together 
to  adopt  DNS  Security  Extensions,  known  as 
DNSSEC.  Among  the  members  of  the  DNSSEC 
Industry  Coalition  are  VeriSign,  which  operates 
the  .com  and  .net  registries;  NeuStar,  which 
operates  the  .biz  and  .us  registries;  .info  registry 
operator  Afilias;  .edu  registry  operator  Edu- 
cause;  and  The  Public  Interest  Registry  (PIR), 
which  operates  the  .org  registry  (see  graphic). 

DNSSEC prevents hackers from hijacking
Web traffic and redirecting it to bogus sites. The
Internet standard prevents spoofing attacks by
allowing Web sites to verify their domain
names and corresponding IP addresses using
digital signatures and public-key encryption.

The  coalition  is  “a  really  good  and  public 
statement  by  all  of  the  members  that  we 
believe  that  DNSSEC  is  vital  to  securing  the  sta¬ 
bility  and  trust  of  the  Internet,  and  we  will  do 
everything  we  can  as  members  to  get  the  tech¬ 
nology  in  place  and  get  our  zones  signed,” says 
Rodney  Joffe,  senior  vice  president  and  senior 
technologist  for  NeuStar. 

DNSSEC  is  viewed  as  the  best  way  to  bolster 
the  DNS  against  such  vulnerabilities  as  the 
Kaminsky  bug  discovered  this  summer.  It’s 
because  of  threats  such  as  these  that  the  U.S. 
government  is  rolling  out  DNSSEC  across  its 
.gov  and  .mil  domains. 

The DNSSEC coalition announced its formation
weeks after the U.S. federal government
closed a formal comment period for the
domain name industry to provide suggestions
on deploying DNSSEC across the DNS root
zone, which operates at the highest level of the
DNS hierarchy. DNS root servers make it possible
for top-level domains, including .com, .net
and .org, to match domain names with corresponding
IP addresses and Web sites. Without
the DNS root being cryptographically signed
via DNSSEC, the Internet’s top-level domains
aren’t safe from attack even if they deploy
DNSSEC.

The domain name industry is being driven to
adopt DNSSEC because of worries about the
Kaminsky bug, a serious DNS security flaw
that was discovered in July by researcher Dan
Kaminsky. The bug allows for cache poisoning
attacks, where a hacker redirects traffic from a
legitimate Web site to a fake one without the
user knowing.

“The Kaminsky bug changed the debate
about DNSSEC,” says Alexa Raad, CEO of PIR,
which supports 7 million domain names. “Until
then it was a question of is DNSSEC necessary.
Then it became how do we do DNSSEC.”

The PIR announced plans to deploy DNSSEC
in June, before the discovery of the Kaminsky
bug. Since then, the nonprofit has been trying
to educate its 600 channel partners around the
world about the need for DNSSEC. It has signed
up five registrars for a DNSSEC test that will
take place in early 2009.

Seven leading domain name
vendors, representing 65% of the
industry, have formed an industry
coalition to work together to adopt

The  registry  initiated  the  DNSSEC  coalition 
because  it  wants  to  share  its  experiences  with 
DNSSEC  deployment  and  simplify  the  upgrade 
process  for  registrars. 

“It’s  not  just  important  that  .org  implement 
DNSSEC,  but  DNSSEC  needs  to  be  seen  as  an 
infrastructure  upgrade  to  the  entire  DNS  be¬ 
cause  of  all  the  applications  that  ride  on  DNS 
today  and  all  the  applications  that  will  ride  on 
DNS  in  the  future,”  Raad  says.  “This  cannot  be 
done  by  one  organization  alone.” 

NeuStar  says  it  has  enabled  its  registry  plat¬ 
form  to  support  DNSSEC.  NeuStar  provides  the 
underlying  DNS  resolution  services  for  2  mil¬ 
lion  .biz  domain  names  and  1.4  million  .us 
domain  names.  Now  NeuStar  is  encouraging 
DNSSEC  deployment  among  such  companies 
as  GoDaddy,  eNom  and  Network  Solutions, 
which  sell  domain  names  to  businesses  and 
individuals. 

“We’re doing everything we can to work with
our customers to go through the process of
supporting DNSSEC,” Joffe says. “They may or
may not understand the urgency. From our
point of view, this is not something that is going
to be delayed. It is the single most important
thing that needs to be done to try and maintain
public trust in the Internet.”

The DNSSEC coalition hopes to drive adoption
of DNSSEC across registries and registrars
worldwide. The group includes two country-code
top-level domains — .se for Sweden and
.uk for the United Kingdom — along with
Internet security companies such as Shinkuro,
NLNet Labs and Secure64 Software. The group’s
members say DNSSEC is the best known mechanism
for thwarting a variety of attacks including
cache poisoning, DNS redirection and
pharming that are used to commit fraud and
personal identity theft.

The  DNSSEC  coalition  is  creating  implemen¬ 
tation  manuals  and  educational  materials  to 
make  it  easier  and  less  costly  for  the  domain 
name  industry  to  adopt  DNSSEC. 

“My hope for the DNSSEC Industry Coalition
as its chair is to help encourage collaborative
efforts to make for a safer and more secure
DNS,” says Lauren Price, PIR’s senior marketing
manager. “We’re trying to find ways to streamline
the implementation of DNSSEC across all
of the DNS registries. . . . We’re trying to take the
burden off the registrars.”

The main goal of the DNSSEC coalition is to
speed up deployment of this security standard,
but leaders admit that they can’t fix DNS security
until the U.S. government signs the DNS
root. “The domino that starts everything is the
root being signed,” Raad says. “Even with a very
well-intentioned industry coalition, it is unrealistic
for us to set a particular date for DNSSEC
deployment without the root being signed. . . .
That’s why we’re urging the signing of the root
using the best technical solution that is the
most expedient.”

Afilias,  which  is  a  registry  service  provider  to 
more  than  15  top-level  domains  in  addition  to 
.info,  said  it  is  managing  the  technical  imple¬ 
mentation  of  DNSSEC  for  .org.  In  a  statement, 
Afilias  said  it  “views  the  implementation  of 
DNSSEC  as  critical  to  advancing  the  security  of 
the  Internet.  As  PIR’s  technical  provider,  we  are 
working  closely  with  them  on  providing  the 
technical  infrastructure  to  support  the  signing 
of  the  .org  zone.  We  are  also  investigating 
DNSSEC  deployments  for  our  other  [generic 
top-level  domain]  and  [country-code  top- 
level  domain]  customers  who  have  expressed 
interest. We  fully  support  the  DNSSEC  coalition 
and  hope  its  activities  will  encourage  the 
adoption  of  DNSSEC  throughout  the  rest  of  the 
chain  of  trust.”  ■ 
Network World launches new online resources

“IT  Product  Guides”  streamline  the  buying  process,  while  “Toolshed”  focuses  on  IT 
tools,  the  latest  gadgets  and  experts  addressing  tech  questions 


Network  World  this  week  pulled  the  wraps  off 
two  new  Web  site  resources  that  are  designed 
to  simplify  your  life,  keep  you  in  the  know  and 
help  you  solve  problems. 

IT  Product  Guides 

Our  new  IT  Product  Guides  are  threaded 
throughout  the  site  and  combine  Network 
World  articles  and  product  tests  with  detailed 
vendor  information  about  products  and 
where  they  fit  in. The  guides  cover  60  key  net¬ 
work  product  areas,  from  routers  to  collabora¬ 
tion  software  to  IP  PBXs. 

A Quick Glance feature shows all the participating
vendors in a given product category,
the market they are targeting (small to large)
and how the products compare on price.
Clicking on any entry in the Quick Glance grid
brings up a brief product description and a
link to in-depth product specifications that
Network World has obtained from the vendors.

The Compare Tool feature lets buyers select
the most interesting products to line up side-by-side,
revealing detailed technical specifications
and pricing, while the Buying Info tab
showcases original Network World articles
about the product category. These articles
address everything from market trends to best
practices, buying tips, technical primers and
case studies.

Together  these  components,  along  with  a 
news  feed  of  the  latest  developments  in  each 
category,  are  designed  to  help  enterprise  IT 
buyers  make  informed  buying  decisions. 

Tool  Shed 

We  are  also  proud  to  unveil  Toolshed,  a  site 
resource  that  brings  together: 

•  Reviews  of  IT  tools  by  longtime  contributor 
Mark  Gibbs. 

•  Hands-on  reports  about  the  latest  gadgets 
by  Network  World’s  Keith  Shaw. 

• Expert advice from contributors Steve
Blass and Ron Nutter in what we call IT Asked
& Answered. Blass, who has been working
with TCP/IP networks, systems and software for
almost 20 years, is an IT manager and Internet
consultant in Phoenix, Ariz. Nutter, who has
been in the field since the 1980's, is a network
engineer on a team supporting a national network
connecting over 45 offices across the
country.

Throughout Toolshed the community is
encouraged to rate the tools, gadgets and
advice so you don’t have to take our word
about the importance of this stuff. The community
also is encouraged to weigh in with
their own thoughts about the material discussed
and ultimately will be able to post their
own reviews.

Poke  around  in  these  two  new  areas  and  let 
us  know  what  you  think. 

— John Dix (jdix@nww.com)
The new IT Product Guides cover 60 areas and offer a Quick Glance feature
that shows target products on a grid (above left) with price on the Y axis
and network size on the X. Clicking on any dot on the grid (1) gives summary
product details and the option to access more detailed specifications
or a brochure. If you want to dive deeper, you can use the Compare
Tool feature (2) to analyze products side-by-side, peruse Network World
product tests, or find articles about buying tips and market trends (3).
In Toolshed we pull together three things everyone cares about: IT tools (4),
the latest high tech gadgets (5) and advice/discussion about vexing tech
problems (6). All three Toolshed resources invite the community (7) to rate
the items being discussed, and weigh in with their own thoughts.


NEWS  ANALYSIS 


Cloud  computing  at  a  glance 


What  a  private  cloud  is:  A  flexible  computing  network  modeled  after  the  cloud  com¬ 
puting  services  of  such  public  providers  as  Google  and  Amazon.com,  yet  built  and 
managed  internally  for  a  business’s  users. 

How  it  works:  Virtualization  and  other  technologies  combine  to  create  flexible  and 
scalable  computing  pools  that  allocate  processing  power  and  applications  on  demand. 
Users  are  presented  only  with  a  service-oriented  interface. 

Components  of  a  private  cloud:  Virtualization,  application  streaming,  configuration 
management,  application  life-cycle  management,  runbook/process  automation,  usage- 
based  chargeback  and  billing,  operating-system  provisioning. 

Key  benefits:  Economies  of  scale,  service-level  agreements,  availability  on-demand, 
linear  scalability,  self-service. 

Key  challenges:  Vendor  hype,  growing  storage  needs,  technology  that  can  manage  dis¬ 
tributed  resources  as  a  whole  still  in  early  stages. 

Who’s  doing  it:  Bechtel,  Deutsche  Bank,  Micron  Technology, T-Systems,  Merrill  Lynch, 
A.G.  Edwards,  other  large  corporations. 


Cloud 

continued  from  page  1 

may not seem like a huge proportion, but it’s a
sign that private clouds are moving beyond the
hype cycle and into reality.

“It’s  definitely  not  hype,”  says  Vivek  Kundra, 
CTO  for  the  District  of  Columbia,  which  plans 
to  blend  IT  services  provided  from  its  own  data 
center  with  such  external  cloud  platforms  as 
Google  Apps.  “Any  technology  leader  who 
thinks  it’s  hype  is  coming  at  it  from  the  same 
place  where  technology  leaders  said  the 
Internet  is  hype.” 

At the center of cloud computing is a service-oriented
interface between a provider and
user, enabled by virtualization, says Thomas
Bittman, a Gartner analyst. “When I move away
from physical to virtual machines for every
requirement, I’m drawing a layer of abstraction,”
he says. “What virtualization is doing is
you [the customers] don’t tell us what server to
get, you just tell us what service you need.”

Virtualization technologies for servers, desktops
and storage are readily available, but to get
all the benefits of cloud-computing, enterprises
will need a new, meta operating system that
controls and allocates all of an enterprise’s distributed
computing resources, Gartner says.

It’s not clear exactly how fast this technology will
advance. VMware plans to release what might be
considered a meta operating system with its forthcoming
Virtual Datacenter Operating System; in terms of timing,
however, the vendor will say only that it will be
released in 2009.

Cloud computing is less a new technology than it is a
way of using technology to achieve economies of scale
and offer self-service resources that are available on
demand, The 451 Group says. Numerous enterprises are
taking on this challenge of building more flexible,
service-oriented networks using existing products and
methodologies.

Thin clients and virtualization are the key for Lenny
Goodman, director of the desktop management group at
Baptist Memorial Health Care in Memphis, Tenn. The
hospital uses 1,200 Wyse Technology thin clients,
largely at patients’ bedsides, and delivers applications
to them using Citrix XenApp application virtualization
tools. It also is rolling out virtual, customizable
desktops to those thin clients using Citrix XenDesktop.

Just as Internet users can access Amazon, Google,
Barnes & Noble or any Web site they wish to use from
anywhere, Goodman wants hospital workers to be able to
move among different devices and have the same
experience.

More on cloud computing

• Sun taking another shot at the cloud.
• Columnist Jim Kobielus doesn’t want to burst the cloud bubble, but . . .

“You get the advantage of taking that entire
experience and making it roam without the
nurse having to carry or push anything,” he
says. “They can move from device to device.”

A  cloud-based  model  where  applications 
and  desktops  are  delivered  from  a  central 
data  center  will  make  data  more  secure, 
because  it’s  not  being  stored  on  individual 
client  devices,  Goodman  says. “If  we  relocate 
that  data  to  the  data  center  by  virtualizing  the 
desktop,  we  can  back  it  up,  we  can  secure  it, 
and  we  can  provide  that  data  to  the  user 
wherever  they  are,”  he  adds. 

The District of Columbia’s Kundra came on board in March
2007 with the goal of establishing a DC.gov cloud that
would blend services provided by his own data center
with such external cloud platforms as Google Apps. The
district moved aggressively to server virtualization
with VMware, and made sure it had enough network
bandwidth to support applications hosted on DC.gov.

The move to acting as an internal hosting provider while
accessing applications outside the firewall required an
increased focus on security and user credentials, Kundra
says. But that was a necessary part of giving users the
same kind of anytime, anywhere access to data and
applications they enjoy as consumers of services in
their personal lives. “The line is blurred,” he says.
“It used to be you would come to work and only work. The
blurring started with mobile technologies, people doing
work anytime, anywhere.”

Kundra  and  Goodman  have  begun  thinking 
of  themselves  as  internal  cloud  providers,  but 
many  other  IT  shops  view  cloud  computing  as 
it  relates  to  acquiring  software-as-a-service  and 
on-demand  computing  resources  from  such 
external  providers  as  Salesforce. 

“Cloud computing is definitely the hot buzzword,” says
Thomas Catalini, a member of the Society for Information
Management and vice president of technology at insurance
brokerage William Gallagher Associates in Boston. “To me
it means outsourcing to a hosted provider. I would not
think of it in terms of cloud computing to my own
company. [Outsourcing] relieves me of having to buy
hardware, software and staff to support a particular
solution.”

Theresa  Lanowitz,  founder  of  analyst  firm 
Voke,  is  a  strong  proponent  of  using  external 
clouds  to  reduce  management  costs.  Building 
internal  clouds  is  too  difficult  for  most  IT 
shops,  she  says. 

“That is a cumbersome task,” Lanowitz says. “One of the
benefits of cloud computing is that you have companies
who can offer up things in a cloud. To build it on your
own is an ambitious project. Where I see more
enterprises going is down the path of renting clouds
that have been built out by some service provider.”

There is room for both internal and external cloud
computing within the same enterprise, though. In
Gartner’s view, corporations that build their own
private clouds will also access extra capacity from
public providers when needed. During times of increased
demand, the meta operating system will procure
additional capacity from outside sources automatically,
and users won’t necessarily know whether they are using
computing capacity from inside or outside the firewall.

While “cloud” might be an overused buzzword, Kundra
views cloud computing as a necessary transition to more
flexible and adaptable computing architectures.

“I believe it’s the future,” Kundra says. “It’s moving
technology leaders away from just owning assets,
deploying assets and maintaining assets to fundamentally
changing the way services are delivered.” ■

Internet architecture: Not logical, captain!

EYE ON THE CARRIERS

Johna Till Johnson

Last week I recapped the results of some recent work
I’ve done with my colleagues modeling Internet
performance. In addition to assessing capacity and
demand, we looked at what you could call “the logical
Internet”: the scalability of such protocol-layer
features as addressing, routing, multihoming and
mobility.

The news is pretty bad: Internet scalability is reaching
its limits rapidly because of architectural issues
inherent in the design of the ’Net. And IPv6 — since the
mid-1990s touted as the fix — patently fails to fix the
problem.

To see why, look closely at addressing. There are three types of names
and addresses necessary for a complete architecture: application
names, which are location independent and indicate what is to be
accessed; network-node addresses, which are location dependent and
route independent, and indicate where the accessed application is;
and point-of-attachment addresses, which may or may not be location
dependent but are route dependent and describe how to get there.

A  major  problem  with  Internet  architecture  is  that  it  names  the 
same  thing  twice:  Media  access  control  (MAC)  addresses  and  IP 
addresses  both  name  the  point  of  attachment,  but  there  are  no 
defined  mechanisms  for  creating  either  network-node  or  application 
addresses. 

Essentially that means Internet architecture includes just the “how,”
not the “where” and “what.” This makes it incredibly cumbersome to
implement such functions as multihoming (connecting to multiple
networks simultaneously for load-balancing, greater performance or
redundancy) or mobility (roaming across multiple networks). And IPv6
doesn’t fix these weaknesses; it just throws a spotlight on them.

Take multihoming. In today’s Internet, a URL first must resolve to an
IP address, then to a well-known port. If a system has multiple
interfaces (such as when it’s multihomed), it has multiple
aggregate-able IP addresses. The routers can’t tell, however, that
these different addresses go to the same place (because there’s no
defined mechanism for doing so). So, the system has to be assigned a
non-aggregate-able address, which increases everyone’s router-table
size. In practice, that means that either most users can’t multihome,
or routing tables must increase dramatically.

Or look at mobility. There are two ways to create mobility in today’s
Internet. One is for the user to stay entirely on a single provider’s
network, for example, a wireless provider’s. That essentially makes
the user into the carrier’s captive. The other approach (which applies
across, say, Wi-Fi and mesh networks) is to use IP mobility, in which
the Internet creates a “home” router that knows when you move and
creates a tunnel to the router where you are so it can forward your
traffic to you. This clobbers performance: Imagine the impact on a
voice call if it were being routed back and forth across the Internet.

In short, the Internet has some fundamental architectural flaws that
are about to become glaringly evident, as billions more mobile and
multihomed devices come online (including not just phones, but sensor
networks and machine-to-machine links). As noted Internet Architect
John Day says, “The Internet architecture has been fundamentally
flawed from the beginning. It’s a demo that was never finished.”


Johnson is president and senior founding partner at Nemertes
Research, an independent technology research firm. She can be reached
at johna@nemertes.com.
How security predictions fared in a volatile year


At the end of 2007 I wrote a column on the future of
security in 2008 in “Security: What will be hot in
2008?” Now it’s time to look back at my look ahead and
see how it all went. Back then I said that predicting
the future depends on good data and hope that volatility
from external events will be low. According to the
latest data, we were just entering the recession that is
now 12 months old, so there was volatility aplenty.
Let’s see how I did in my predictions:

• Accelerating enterprise adoption of mobile platforms will lead to
more security threats on mobile devices. Adoption of mobile platforms,
check. More security threats, not yet. I think I missed the time-scale
(I’ll have to decide if this one goes into 2009 predictions or if it’s
too early). With the iPhone opening up to a multitude of developers
and applications, and Android even more open, mobile security might
become an issue.

• Hard-drive encryption on the desktop will continue and spread to
the data center. About 50% on this one. Laptop encryption and desktop
encryption are becoming more mainstream. Laptop hard-drive encryption
was one of the top three security initiatives funded in the enterprise
in 2008. Data center servers are not following just yet.

• Network access control sales will continue to fall short of the hype.
Whereas NAC was everywhere at the RSA conference in 2007, by 2008
it had disappeared. The complete absence of NAC as an industry
buzzword at a security trade show is news in itself. Infrastructure
“forklift” NAC failed to gain much traction. Comprehensive endpoint
control is still a rarity even in very homogeneous IT shops. I’ll
count this prediction as a success.

• Carrier and ISP-based managed security services for small-to-midsize
businesses will multiply and spread. 2008 saw a lot more investment by
carriers in managed security services, and many of them headed
down-market to appeal to smaller businesses. Our 2008 security
research showed that the primary reason for buying these services
shifted from cost to lack of in-house skills. SMB interest and
adoption of managed security services — check.

• In 2008, black-market profits will surpass those of the top three
security pure-play companies. This prediction is hard to verify because
the bad guys don’t publish quarterly results, but our economic analysis
of the black market for identities indicates that this happened. Not
only did identity theft, botnets and spam keep growing, but the
publicly traded security companies were battered by market volatility.
Count this as an unfortunate win, because the bad guys indeed are
winning.

• Virtualization-based compartmentalization of laptops and desktops
for security reasons will accelerate. From Parallels-based Windows
images on Macs to the use of virtual desktops to control application
deployment, security is increasingly a driver for virtualization. The
latest news is Google’s x86 sandbox for running code securely inside a
browser. This one is a win.

So  —  4.5  out  of  six,  a  75%  prediction  rate  in  a  volatile  year.  Better 
than  a  coin  toss,  and  better  than  my  stock  predictions  for  2008. 


RISK & REWARD

Andreas Antonopoulos


Antonopoulos  is  a  senior  vice  president  and  founding  partner  at 
Nemertes  Research,  an  independent  technology  research  firm.  He  can 
be  reached  at  andreas@nemertes.com. 


Sun revisits cloud computing

“[Grid Compute Utility Service] was kind of an early attempt at cloud
computing. We got some features right and some not right.”

Dave Douglas
Senior vice president for Sun’s Cloud Computing division

BY JAMES NICCOLAI, IDG NEWS SERVICE

Having coined the phrase “the network is the computer” more than a
decade ago, Sun could expect to be leading the march towards cloud
computing, but in some ways it is still at the start line.

Sun recently pulled the plug on its Grid Compute Utility service,
which was launched two years ago and allowed companies to buy
computing power from Sun’s data centers at a fixed rate per hour, like
a public utility.

The service, which predated Amazon.com’s EC2 service, is now “in
transition” as Sun prepares to launch some new services, according to
its Web site. Sun is still supporting customers who signed up for the
Grid service but stopped accepting new customers several weeks ago.

“That was an early attempt at cloud computing. We got some features
right and some not right,” says Dave Douglas, senior vice president in
charge of Sun’s Cloud Computing division. “We still think that model
makes sense.”

Sun last week discussed how it will tackle the cloud market. Thanks
partly to its early embrace of the Web, Sun has a formidable list of
technologies that it can bring to the cloud market. Besides its
servers and storage gear it has its Solaris OS, MySQL database, xVM
virtualization software and ZFS file system, to name a few. Most of
the software is open source.

Sun must now package that technology and persuade service providers
and enterprises to select it as their vendor of choice for the cloud.

“A lot of the enabling technology is there. It’s how they are going to
pull it together and take it to market that matters,” says Jean
Bozman, an analyst at IDC.

CEO Jonathan Schwartz formed Sun’s Cloud Computing division a few
months ago and it now has several hundred engineers, Douglas says. Sun
also hired Lew Tucker, who helped build Salesforce.com’s online
AppExchange, to be the division’s CTO.

Sun sees three levels of cloud computing, Douglas said. At the highest
level are software-as-a-service applications such as Salesforce.com’s
CRM; in the middle are cloud development platforms such as the Google
App Engine.

Sun hopes to play a big role at the bottom two levels, Douglas says.
It wants to provide the infrastructure that service providers use to
offer cloud services, but it may also offer on-demand infrastructure
services of its own.

Sun could offer a hosted version of its MySQL database for developers,
for example, and it could launch on-demand computing services to
replace its Grid utility service.

Douglas says Sun’s Solaris has several benefits, particularly in the
area of management and security. A company could run Linux or Windows
in virtual containers inside Solaris, and then use the Sun OS for
tasks such as provisioning and security.

He also highlighted Crossbow, which is part of Sun’s OpenSolaris
project and can manage virtual network interface cards and funnel high
volumes of traffic between servers running a variety of operating
systems.

Sun acknowledged that there is much work for the industry to do in
areas such as security and management. And Sun needs to flesh out its
xVM virtualization management software, Bozman said.

Like other companies, Sun may find it tough selling new cloud
infrastructure products at a time when many companies are cutting back
on spending, says Nathan Brookwood, principal analyst at Insight64.

“They have relationships with telecommunications and service
providers,” he said, “so to the extent they can find any of those with
money to spend, that will be good for Sun.” ■


HP gets cost-conscious with mgmt software

BY DENISE DUBIE

HP last week announced upgraded software and alternate licensing
options that it says will help enterprise IT managers reduce costs and
continue to deliver services during the economic downturn.

At HP Software Universe in Vienna, Austria, HP unveiled upgraded
products that the company says will help enterprise IT managers better
prioritize projects and manage requirements for the business. For
instance, HP integrated Quality Center 10.0 with Project and Portfolio
Management (PPM), which will enable IT managers to see the number of
events, incidents and defects that occur in a project to ensure
business needs are met and projects are finished within deadline.
Quality Center software manages and governs software quality assurance
processes, automates software testing and facilitates defect
management, according to HP.

“In these uncertain times, what we are seeing from customers is a need
to invest smarter and wiser so they can come out of this down cycle
ahead, instead of reacting and retracting with cost cutting. They want
to ride this economic trend out and come out ahead ultimately,” says
Ramin Sayar, senior director of Business Service Management products
at HP.

The enhanced integration will also make it possible for IT departments
to identify low-value projects and reduce investment and labor in such
projects. Added integration between Quality Center 10.0 and HP
Universal Configuration Management Database (UCMDB) 8.0 can also help
customers centralize and standardize processes around best-practice
frameworks, such as ITIL, HP says. This new version of UCMDB is
integrated with 17 products across HP’s Business Technology
Optimization (BTO) portfolio, including Business Availability Center
8.0, Operations Manager i-Series, Network Node Manager i-Series
Advanced and Service Manager.

“With limited resources to invest in new technologies, IT managers
realize now is a good time to codify best practices,” Sayar says.
“Integrations with the UCMDB enable customers to see business services
from start to finish, reduce risk and fix network problems using
proven processes.”

HP not only upgraded products with integrations, the company also
introduced more ways to acquire its applications. For instance, the
company made its BTO software suite available via
software-as-a-service licensing. And in the wake of closing its
acquisition of EDS, HP introduced EDS Designed for Run and EDS Testing
and Quality Assurance Services, which provide enterprises with a path
for modernizing applications and optimizing systems engineering
processes, respectively. These prepackaged best practices will help
customers get more from their investment sooner. And HP Financial
Services is offering 0% financing.*

The  year  in  cybercrime 

Underground  botnet  markets,  high-profile  spam 
cases  headlined  the  year  in  tech  crime 


BY  BRAD  REED 

One of the most disturbing cybercrime trends in 2008,
many security analysts say, has been the emergence of a
full-blown underground economy in which credit card
information, identity theft information, and spam and
phishing software are all available for relatively low
prices.

Security software company Symantec became the latest
company to raise red flags about what it called the
“underground server” economy last month, when it issued
a report estimating that roughly $276 million worth of
goods and information is available on online black
markets. Credit card data accounted for 59% of the
information available for sale on underground servers,
Symantec reported, with identity theft information
(16%), server accounts (10%), financial accounts (8%)
and spam and phishing programs (6%) trailing far behind.

What’s even more unnerving than the availability of this
information is its low price. According to Symantec,
bank account credentials are selling for $10 to $1,000,
while information about financial Web sites’
vulnerabilities sells for an average $740. If all the
stolen information available on the servers were
exploited successfully, it would bring in about
$5 billion, Symantec estimates.

One big reason this data is more widely available is
that writing malicious code has grown from a hobby for
many hackers into a full-time job where code writers
make a living stealing information and selling it on
underground server systems, says Dave Marcus, security
research and communications manager at McAfee Avert
Labs.

“Malware used to be written for bragging rights,” Marcus
says. “It was about who could write the fastest worm or
the biggest virus. Now it’s about making money, what
kind of data or payload you can get from a machine, and
what you can do with it.”

As malware has become more sophisticated, it has
increased its reach throughout the Internet. According
to a report issued by Google earlier this year, about
1.25% of all Internet search results in February 2008
contained at least one malicious URL, a large increase
from the 0.25% of Internet search results in April 2007
that contained at least one malicious URL.

This dramatic jump in malicious search results has
coincided with several security firms reporting enormous
jumps in malware instances in recent years. Between 2006
and 2007, for instance, Symantec reported that it
detected roughly 712,000 new malicious code threats, a
468% increase from the 125,000 threats detected the
previous year. Spanish security company Panda Security,
meanwhile, reported that malware increased by 800%
between 2006 and 2007, as the company detected an
average of more than 3,000 types of malware per day in
2007.

The spread of malware and underground servers has produced some devastating results for some businesses so far: The U.S. Department of Justice revealed this summer that a group of hackers used a combination of wardriving, sniffer software and SQL injection attacks to steal more than 40 million credit and debit card numbers from TJX, OfficeMax, Barnes & Noble and other companies and store them on underground server systems in the United States, Latvia and Ukraine.

Spammers  in  the  spotlight 

2008 saw major developments in the cases against three major spammers in the United States. In one of the government’s biggest victories in its undeclared war against spam, Robert Soloway was sentenced to 47 months in prison after he pleaded guilty to fraud, spamming and tax evasion in July.

Described by a Microsoft attorney as one of the world’s 10 worst spammers at the time of his arrest, Soloway, 28, was first sued for spamming by Microsoft in 2003. Despite losing a $7 million civil judgment to Microsoft in 2005, he continued to send out massive spam until his arrest in May 2007. In addition to being sentenced to nearly four years in jail, he will have to serve three years of probation and perform 200 hours of community service.

In a setback for federal antispam efforts, however, the Virginia Supreme Court overturned a state antispam law and the 2004 conviction of Jeremy Jaynes, who had been sentenced to nine years in jail in 2004 for sending millions of unsolicited spam e-mails every day. Because the state’s antispam law does not distinguish between commercial e-mails and political or religious emails, the court ruled that it “prohibits the anonymous transmission of all unsolicited bulk emails including those containing political, religious or other speech protected by the First Amendment.” Some commentators, such as Network World columnist Michael Osterman, questioned the court’s ruling, pointing out that the right to free speech should not be translated as a right to be heard by people who don’t wish to listen.

“What the Virginia Supreme Court did, in essence, is to bind the right of free speech with the obligation to listen to or otherwise actively deal with that speech,” Osterman wrote. “The Court, by ruling that a spammer has a right to send noncommercial e-mails to anyone, has also ruled implicitly that receivers of those communications have an obligation to receive them or otherwise deal with them actively by deleting the messages, spend money on spam filters and the like.”

One spammer’s saga ended in tragedy when fugitive Eddie Davidson took his own life and those of his wife and 3-year-old daughter this summer after walking away from a minimum-security federal prison camp in Colorado. He had been sentenced to spend 21 months in prison and pay $714,139 in restitution to the IRS after he was convicted of running a massive spam operation that sent e-mail worldwide that promoted everything from perfumes to penny stocks. Davidson found that spamming on behalf of third-party companies was a lucrative career: He had earned well over $3.5 million for his spamming activities from 2002 to 2007, court papers showed.

Despite these spammers’ legal troubles, however, spam levels unsurprisingly did not see a significant drop for most of the year. The only time spam levels saw a major decline this year came when McColo Corp., a company that has been described by some as a “rogue ISP,” was disconnected by its primary Internet providers. In the wake of McColo’s shutdown, spam messages declined by as much as 75% — although spam is expected to climb back up to its normal levels as spammers search for alternative ways to access botnets.


The  year  in  arrests  and  convictions 

A  quick  look  at  the  year’s  high-profile  crime  stories 

1.  Robert  "The  Spam  King"  Soloway:  In  a  boon  for  e-mail  users  everywhere,  the  man 
whom  prosecutors  had  dubbed  "The  Spam  King"  was  sentenced  to  47  months  in  prison 
earlier  this  year  after  he  pleaded  guilty  to  fraud,  spamming  and  tax  evasion  in  July. 

2.  Randall  Craig,  military  identity  thief:  Craig,  a  41-year-old  Houston  man  who  worked  as 
a  private  contractor  at  a  San  Antonio  Marine  Reserve  Corps  Center,  pleaded  guilty  in 
May  to  exceeding  authorized  access  to  a  computer  and  aggravated  identity  theft  after 
he  sold  the  names  and  Social  Security  numbers  of  17,000  military  employees  to  an 
undercover  FBI  agent. 

3. Terry Childs, alleged San Francisco network hijacker: Childs, a 42-year-old employee of the San Francisco Department of Technology, was arrested in July for allegedly locking up the city’s multimillion dollar computer system and refusing to tell police how to regain access to the network. Though the motives for Childs’ alleged tampering are still officially unknown, city officials have said that he was rigging the network to let outside parties monitor city traffic.

4. Christian Sapsizian, former corrupt Alcatel exec: The 62-year-old Sapsizian, who
worked  as  Alcatel's  deputy  vice  president  for  the  Latin  American  region  from  2000  to 
2004,  was  convicted  in  September  of  paying  out  $2.5  million  in  bribes  to  Costa  Rican 
officials  over  a  four-year  period  to  help  Alcatel  nail  down  a  $149  million  cellular  network 
deal. 

5. David Kernell, alleged Palin hacker: Kernell, a 20-year-old Tennessee man, was indicted
in  October  for  allegedly  hacking  into  former  Republican  vice  presidential  candidate  Sarah 
Palin’s  e-mail  account.  He  has  pleaded  not  guilty  to  accessing  a  protected  computer. 
on the PHP scripting language and used
MySQL  as  the  database,  with  conventional 
database  tables  implementing  the  CDC  data 
requirements. 

But when the trio arrived in Zambia for a two-week field evaluation, a lot of the original ideas were scrapped or transformed. As soon as they saw the initial Web interface in action, staff with the Zambia National Blood Transfusion Service (NBTS) realized they could use it for more than quarterly data reports to CDC. “They realized instantly it would be good for actually managing the blood supply through real-time data collection,” Vempala says.

Regional and national NBTS directors typically start fielding phone calls late in the day from hospitals and remote blood centers that are asking for blood. To make those decisions, they have relied on a purely mental picture of the available blood supplies nationwide, of demand trends and historical data, and transport availability. The Web-monitoring tool would give them current, accurate, consistent data on blood inventories. They started asking the Georgia Tech team for more data fields, and for a flock of summary and analytical reports.

That  led  to  a  new  database  design  to  make 
for  more  flexible  data  analysis  and  reporting. 

But network connections were highly problematic: some sites had none, others were dependent on low bandwidth dialup or satellite links. “One blood center had all the computing equipment but no Internet access,” Osuntogun says. “Data was transferred via a flash drive handed to a visiting driver.”

That  “connection”  took  a  week. There  was  no 
fiber  connection  in  Zambia  to  the  outside 
world;  the  data  was  carried  on  satellites. 

“In  some  cases,  the  [network]  roundtrip  for  a 
request  was  5  seconds,”  Thomas  says.  “That 
could  make  downloading  a  Web  page  very 
painful.” 

But the team also found that computing facilities at all levels were fairly advanced. The most common browser was a version of Microsoft Internet Explorer. The Web application was redesigned with extensive use of advanced AJAX function calls. That meant the initial page could load quickly and users could begin working while the function calls pulled down additional elements in the background.

The redesign also added the ability for each office to customize selected parts of the application to meet local requirements for data collection and reporting. Some sites collected weekly data on blood collections but monthly data on distribution, for example. The new design also let users delegate roles and responsibilities to users in the reporting chain.

“It was an ‘ah-ha’ moment,” Thomas recalls. “We’d been working with the CDC in Atlanta, with specific goals in mind. But the CDC weren’t the people actually using the application. In Zambia, we met people who would use it day in and day out. That changed our perspective.”

Osuntogun and Thomas hope to improve the application by adding forecasting capabilities that can factor in a range of variables, including the increased difficulty and time for blood transport during the rainy season.

On Jan. 1, ministries of health in 14 African nations, from Botswana to Zambia, will start using the Web-based tracking application. Osuntogun and Thomas have met with officials of the United Nations’ World Health Organization, after some WHO staff saw their project presentation at the American Association of Blood Banks conference in Montreal. WHO is weighing the use of the application for worldwide reporting on blood safety.


Cloud  computing  in  a  bubble  economy 


Cloud computing is the IT world’s latest hot topic, and it’s no secret why. In tough times, when capital expenditure budgets are under severe pressure, any pay-per-use solution looks like a winner.

If you give enterprises a credible outsourced alternative to their internal platforms and applications — one that requires no capital outlays, long-term contracts, data-center infrastructure or internal IT staff — users can scale that service up or down as their needs and fortunes expand or contract.

Clearly cloud computing — as a purely on-demand service-delivery model — is tailor-made for a bubble economy. In a bubble economy, volatility rules, prices fluctuate wildly, and acute uncertainty and risk permeate everything. Even more distressing, this dynamic new order can destroy established industries, vendors, business models and investment portfolios with sudden, sickening speed.

As we’ve seen in the financial and automotive industries, valuations can collapse overnight, thereby dislocating lives, careers and communities without much warning. As the economic outlook deteriorates, survival strategies and last-ditch tactics — such as shotgun mergers — quickly preempt sound business planning.

Yes, on-demand services contribute to innovation, efficiency and agility throughout the IT world. But fast-bubbling start-ups can also mortally wound established IT vendors before they know what hit them. And this same process can just as rapidly doom the disruptors themselves — whenever the next cloud of fresh bubbles emerges to suck away their oxygen.

Excessive business risk is the thunderclap inside the world of cloud computing, and it can zap IT suppliers and users with equal devastation. If you’ve invested in a traditional IT solution that now confronts a significantly more cost-effective cloud-based rival, you’ll be hard-pressed to survive if one of your competitors has leveraged that alternative to pare its cost structure to the bone.

And if you’re counting on your established IT vendor to migrate you gracefully into its own emerging cloud-based environment, think again. Focusing on short-term financial results, its shareholders are demanding that it leverage the traditional cash cow of software license fees and maintenance revenue to the hilt. To the extent that your traditional IT supplier encourages you to adopt its new cloud-based offering, it will often be just a last-ditch effort to hold onto your business.

When looking at the cloud-computing horizon, no two IT industry observers agree on which solution vendors will ultimately prevail — How will Oracle, HP, IBM, Microsoft, Cisco, EMC, SAP and other blue-chips weather this chaotic cloud front of tornadic start-ups?

Yes, the big guys all have their cloud initiatives, to varying degrees of maturity. But they all tremble before the possibility that such cloud-based pure-plays as Google, Amazon.com, Salesforce.com or Akamai will lure away customers with more flexible, lower-cost offerings.

Established IT vendors are trying a bit of everything to keep their core businesses from slipping away. Fundamentally, they’re all approaching cloud computing as a sort of Venn-style conceptual bubble diagram, one that converges software-as-a-service, service-oriented architecture, virtualization, utility computing, outsourcing, open source, Web 2.0, social networking and pretty much every other IT trend of the past 10 years. What the incumbents hope is that some magic synthesis of these approaches will help them hang on through this turbulence and prevail into the next era.

We  all  know  the  IT  industry  is  in  the  throes  of  a  major  shakeout  and 
some  familiar  names  may  not  survive  much  longer.  We  may  have  to 
endure  our  fair  share  of  shotgun  mergers  among  veteran  IT  providers 
before  we  see  the  end  of  today’s  perfect  storm.  Silver  linings  are  there 
in  today’s  increasingly  cloud-oriented  environment,  but  they’re  hard  to 
glimpse  through  the  layers  of  macroeconomic  gloom. 

Kobielus is a senior analyst at Forrester Research in Alexandria, Va. The opinions expressed are his own. E-mail him at jkobielus@forrester.com.
Bashing Google: for fun or for profit?


I do not know Scott Cleland, but I’ve seen his blog postings from time to time. I rarely read them, mostly because their titles tend to put me off, but I did read through his latest because of the title (“Google uses 21 times more bandwidth than it pays for — per first-ever research study”).

It seemed, to say the least, improbable, and I wasn’t all that impressed. Among his failures, this other Scott seems to think that I do not want the Internet when I buy an Internet connection.

Cleland’s Web site is well titled: “The Precursor’s Blog: Forward Thinking at the Nexus of Policy Markets and Change.” At least on this site, he seems to be a one-and-a-half-trick pony, however. Most of his postings concern Google or network neutrality, both of which he is quite vehemently against. I read through the posted titles in his archive, and two-thirds of the 250 or so postings that go back to March concern Google, and about one-sixth concern network neutrality.

It took me a while, but I did find some information linked off the Web site that may hint as to why Cleland focuses on the topics he does. If you click on the Disclaimer and Privacy Policy link at the bottom of the page, you are taken to the privacy statement for NETCompetition.org. Clicking on the About Us link on that page brings you to another page that states that their mission is to “create a forum to promote competitive Internet choices for consumers through an open, rigorous, and illuminating discussion and debate of ‘net neutrality’ legislation/regulation.” The page also has a list of the members of NETCompetition.org, which include all the major telephone and cable companies. Cleland is chairman of the organization.

So, it looks like bashing Google is an occupation rather than an avocation for Cleland.

Regular readers of this column know that I have real problems with some of what Google does — mostly concerning its insistence that it knows better than I do what is good for me and my privacy. But I doubt that any of my readers think that I’m paid based on how much I criticize any of the targets of my columns.

Now, back to the Cleland column that caught my eye. Google’s stealing Internet capacity certainly would be a naughty thing to do, but the referenced research study has some basic problems.

The  study  report,  written  by  Cleland,  tries  to  figure  out  how  much 
bandwidth  Google  uses  and  how  much  the  company  pays  for  it. The 
report  notes  that  Google  does  not  report  how  much  bandwidth  it  buys 
or  how  much  it  pays  ISPs  for  service,  but  he  guesses  at  both  based  on 
other  Google  reports,  and  guesses  at  Internet  traffic  extrapolation  from 
a  Cisco  report  on  types  of  traffic. 

What the report misses is that there is another end for the Google bandwidth use. When Google crawls my Web site, the source of transferred data is my site. When I watch a YouTube video, my computer is the destination of the transferred data. Apparently Cleland does not realize that I pay for my Internet connection, because he does not factor that into the money being spent on “Google bandwidth.”

I  pay  for  a  connection  to  the  Internet,  and  in  doing  so,  I  pay  for  the 
ability  to  connect  to  and  transfer  data  to  and  from  such  services  as 
Google.  So  does  everyone  who  buys  an  Internet  connection,  including 
Cleland.  If  one  were  to  account  honestly  for  payments  relating  to  the 
Google  bandwidth,  one  would  have  to  include  the  percentage  of  my 
—  and  his  —  Internet  bill  that  goes  to  communicating  with  Google.  It 
takes  two  to  tango  and,  in  this  case,  two  pay  the  piper. 

Disclaimer:  Harvard  has  several  student  dance  companies,  and  I 
expect  that  two  can  tango  in  at  least  some  of  them;  but  neither  they 
nor  the  university  has  expressed  an  opinion  on  Cleland’s  dancing 
skills.  So,  the  above  is  mine. 

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 
TECH UPDATE

An  inside  look  at  technologies  and  standards 


Document  capture,  routing  benefits 


With companies looking to increase efficiencies, reduce costs and become greener, are paper documents finally heading to their long-predicted obsolescence? No, but document-capture and routing technologies can provide many of the desired benefits.


Contrary to some projections, paper documents are not going away. Rather, a new generation of technologies — centering on document capture and routing — is steadily emerging to enable organizations to reduce their use of paper while increasing productivity, accelerating business processes, improving compliance with regulatory requirements, and strengthening disaster-recovery and green business initiatives.

Document capture and routing is an efficient, flexible way to capture, transform and move paper and electronic documents among people, places and formats. It starts with the ubiquitous networked multifunction peripheral (MFP) — the new breed of copy machine — and provides an “any-to-many” way to scan and distribute electronic versions of paper documents to multiple destinations in multiple formats.

At the simplest level, a knowledge worker takes a signed contract to an MFP and scans it to create a digital version. A document-handling application then converts the scan into a Microsoft Word document or text-searchable Adobe PDF file, and e-mails it to the worker’s preferred destination (for example, a network folder, e-mail in-box or fax number).

The power of document capture and routing becomes more apparent when a team of people are working on a client or project. All content related to their work can be captured by the MFP, collected and consolidated into a single, central and secure document-management system that enables distributed teams to share information and collaborate.

That makes it unnecessary to make multiple copies (with the associated security risks), reduces courier and shipping costs, cuts the use of printer consumables such as ink and toner, and increases information accessibility throughout the organization. For enterprises considering document capture or scanning, the MFP is the core capture device, because the new copier-class and printer-class MFPs have the right mix of feature-rich sophistication, usability and cost-effectiveness to support broad deployment.

But MFPs must be supported by a software-based infrastructure to enable post-capture document-processing. This software centrally controls and manages the document conversion, compression, routing, auditing and more. This layer acts as a “many-to-many” hub, supporting n devices and n destinations.


Destinations are the recipients of a document, whether that is a network printer or folder, e-mail, fax or a more sophisticated enterprise content-management (ECM) system or document-management system (DMS).

Every user in the company should be able to select simple scan settings, convert file formats or perform optical character-recognition and route the scanned output to their own e-mail address or a fax number. Those user instructions — sometimes called “routing rules” — can be defined, saved and executed using a routing sheet (like a fax cover sheet) or directly entered on a display panel at the MFP.

Other users, departments and groups may require advanced functions, more sophisticated features and specific workflows. These include integration with enterprise information systems (including ERP, ECM or specific vertical applications); archiving; audit logging; support for e-forms and bar codes; and electronic signatures. This is all available through today’s enterprise-class MFPs and document capture and handling software.

Efficiently and effectively handling massive volumes of documents reliably and consistently across disparate geographies and distributed groups of virtual users mandates a set of key requirements:

• Manageability — The architecture must support centralized management while enabling decentralized document capture. From an administrative perspective, the right solution should take full advantage of Microsoft management tools such as Windows event logs, performance monitors and Windows consoles. This enables an organization to configure unattended, low-maintenance operations and receive exception notifications and alerts.

• Reliability — There’s no tolerance for an application failure that could leave thousands of employees unable to print, fax or scan documents. There should be built-in failover so if the primary system fails, a secondary resource takes over. A SQL-based message queue working with a reliable database-management system should store the state of jobs in SQL tables. That way, if a problem occurs, it can quickly roll back to the last known state and restart the process.

• Scalability — Being able to scale and find synergies with other paper-based-capture needs is important. As companies see the value of document capture, their volumes can double. Component-based solutions can plug in new components to meet escalating demand.

• Security — From a technical and user perspective, an audit trail lets the organization track who did what, when, where and with what documents.

• Flexibility — Organizations change frequently. For example, document-capture solutions must be flexible enough to work with Microsoft Exchange today and IBM Lotus Notes tomorrow. Selecting a document-capture solution that works with virtually all systems — in tightly integrated environments or open architectures — will reduce overall costs.

• Cost effectiveness — Solutions that centralize and streamline document-capture processes can yield significant savings, especially when the product provides a total package. For example, submitting documents to a DMS in an indexable format allows faster searches and quicker document retrieval and saves time, which increases staff efficiency. Adding a network fax function can eliminate significant phone-line, maintenance, and paper and toner costs. Turning a paper document into a compressed, searchable PDF that can be e-mailed (vs. sent in expedited delivery) also can save organizations considerably.

• Control — By requiring authentication at the MFP, companies can role-restrict access to features and personalize the user experience. For instance, Joe can use color-copying or color-printing features and send long-distance faxes, but Bob can’t. This also permits charge-back cost-recovery. A company might permit certain users to scan to their own e-mail address. Others might be allowed to scan into SharePoint or Documentum or scan to multiple distributions and destinations.

For enterprises that embrace document capture and routing, the payoffs are considerable. First, business processes are faster and less expensive because worker productivity increases. Documents and their information are accessible around the office and worldwide. Compliance with security and privacy frameworks is enhanced, and it’s easier to reduce the amount of paper, toner, ink and floor space consumed when documents are moved to electronic systems. By embracing green motives, businesses achieve a solid ROI and greater efficiency.

Bouchard  is  chief  technology  officer  of 
Omtool. 


This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Migrating MapPoint Pushpins


Mark  Gibbs 


GEARHEAD

Last week I started to discuss extracting pushpin data from Microsoft MapPoint 2004. Pushpins in MapPoint are markers you can place anywhere on a MapPoint map. There are several hundred visual styles to choose from and they can name a location or you can add more text, URLs, and links to local or remote files.

Pushpins are created through the MapPoint interface, or can be imported from Excel or comma-separated-value files. They also can be assigned to categories, what MapPoint calls “sets.”

Here’s where we meet our first problem. Moving pushpins among sets can be done only by editing the properties for each one individually. This makes for a very tedious job when you have many pushpins to change; and when you export pushpins to Excel, they’ll be listed on multiple spreadsheets if you don’t consolidate them all — a different sheet for each set of pushpins created in a different session.

There’s  a  bigger  problem  with  exporting  to  Excel,  however:  The 
exported  data  doesn’t  include  the  latitude  and  longitude  of  each  pin. 
This  is  ridiculous.  You  have  to  wonder  how  the  engineers  could  be  so 
naive  as  to  not  allow  the  export  of  the  most  important  data  of  all. 

The reason I found myself needing to extract my MapPoint pushpins is that I want to export them to Google Maps. Once they’re moved, I will be able not only to view them from anywhere I can get access to a computer, but also to publish them for other people to use.

Anyway, I just found a tool that will export MapPoint pushpins with their names and their latitude and longitude: It’s called Pushpin Tools, and is available for a very reasonable $75.

Pushpin Tools has some neat features that help manage the MapPoint environment, such as the ability to open or close all pushpin-label balloons or set them all to display only a pushpin’s name field. What really matters, however, is Pushpin Tools’ ability to export.

You can export any specific, single set of pushpins or select all pushpins (“all pushpins” is another concept that Microsoft engineers appear to have not understood); with a click of your mouse, voila! All your pushpin data will be in Excel awaiting manipulation.

But  if  you  wish  to  migrate  your  pushpins  to  Google  Maps,  you’ll  need 
to  do  a  little  work  to  convert  your  Excel  data  to  Google’s  KML  format. 

Converting  to  KML  is  actually  pretty  easy  because  your  Pushpin  Tools 
data  consists  of  a  line  for  each  pushpin  with  separate  fields  for  pushpin 
name,  latitude  and  longitude. 

KML  defines  entities  called  “placemarks”  (essentially  the  same  concept 
as  pushpins)  that  need  to  be  in  the  following  format: 

<?xml version="1.0" encoding="UTF-8"?>
<kml xmlns="http://www.opengis.net/kml/2.2">
  <Placemark>
    <name>Placemark_name_text</name>
    <description>Description_text</description>
    <Point>
      <coordinates>longitude,latitude,altitude</coordinates>
    </Point>
  </Placemark>
</kml>

The  code  above  is  almost  the  simplest  form  of  a  KML  file  —  the  only 
simpler  form  would  leave  out  the  description  tags. 

Modifying  your  Pushpin  Tools-generated  spreadsheet  to  create  KML 
content  is  straightforward,  and  Google  has  a  good  online  tutorial. 
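The conversion described above, as an added example that is not part of the original column or of Pushpin Tools: it reads the exported sheet saved as CSV, rejects rows whose coordinates are missing or out of range, escapes pushpin names so a stray "<" or "&" cannot break or alter the XML, and writes longitude before latitude as KML requires. The column names, the sample rows and the `<Document>` wrapper used to hold more than one placemark are assumptions.

```python
import csv
import io
from xml.sax.saxutils import escape

KML_NS = "http://www.opengis.net/kml/2.2"

# Constructed sample of an exported pushpin sheet saved as CSV.
# The column names are assumptions; adjust them to match the real export.
SAMPLE_CSV = """Name,Latitude,Longitude
Fish & Chips <harbor>,34.2805,-119.2945
Bad row,not-a-number,10
Out of range,95.0,10.0
Office,34.4208,-119.6982
"""


def parse_pushpins(csv_text):
    """Return (valid, rejected): valid is a list of (name, lat, lon) tuples."""
    valid, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("Name") or "").strip()
        try:
            lat = float(row["Latitude"])
            lon = float(row["Longitude"])
        except (KeyError, TypeError, ValueError):
            rejected.append(row)
            continue
        # Range checks also reject NaN and infinity, which float() accepts.
        if not name or not (-90 <= lat <= 90) or not (-180 <= lon <= 180):
            rejected.append(row)
            continue
        valid.append((name, lat, lon))
    return valid, rejected


def build_kml(pushpins):
    """Build a KML document with one Placemark per pushpin."""
    parts = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        f'<kml xmlns="{KML_NS}">',
        "  <Document>",  # container so the file can hold several placemarks
    ]
    for name, lat, lon in pushpins:
        parts += [
            "    <Placemark>",
            # escape() turns &, < and > into entities so names stay text.
            f"      <name>{escape(name)}</name>",
            "      <Point>",
            # KML order is longitude,latitude,altitude (altitude set to 0).
            f"        <coordinates>{lon:.6f},{lat:.6f},0</coordinates>",
            "      </Point>",
            "    </Placemark>",
        ]
    parts += ["  </Document>", "</kml>"]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    pins, bad = parse_pushpins(SAMPLE_CSV)
    print(build_kml(pins))
    print(f"skipped {len(bad)} row(s) with unusable coordinates")
```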

Send  your  coordinates  to  gearhead@gibbs.com. 


Expand  your  DVR;  clean  up  your  PC 


The  scoop:  My  DVR  Expander, 
by  Western  Digital,  about  $150. 

What it is: A 500GB external hard drive that connects to TiVo and Scientific Atlanta-based digital video recorders to provide additional storage space for the media content recorded on the DVRs. The device is powered by an AC power adapter and connects via eSATA cable to the active eSATA port on the DVR.

Why it’s cool: Connecting this device helps eliminate one of the biggest problems with set-top DVRs like the TiVo — the regular process of picking and choosing which programs you need to delete to save space for future shows you’d like to record. With the higher capacities needed to save recorded high-definition content, having a device like the My DVR Expander makes even more sense.

The device was easy to connect — I just powered it up and connected via the provided eSATA cable. After a false start (see below), I was able to get the DVR to recognize the device and add its 500GB to the built-in storage on the DVR. Before connecting the device, my DVR was 67% full, with 59 recordings. After connecting, I was 15% full, with the same number of recordings.

Some caveats: I tested this with my Scientific Atlanta Explorer 8300 HD system, not a TiVo, so your experiences may differ. On the Scientific Atlanta box, unplugging the DVR, then rebooting the system makes it go through a slow refresh period. On my first connection attempt, I was asked to reformat the external device; after I agreed, the capacity on my DVR remained the same. A second attempt at disconnecting and reconnecting got the device to work correctly.

[Photo caption: My DVR Expander provides additional storage to TiVo.]

Grade: ★★★★ (out of five).

The  scoop:  System  Mechanic  (Version  8.5),  by 
iolo  Technologies,  about  $35  (covers  one  year  of 
service  updates). 

What it is: This software gives you utilities to help boost your computer’s speed, diagnose and fix problems, and clean up the clutter that can build up after lots of use. The software provides a quick analysis of system problems, lets you dig deeper into them and provides individual tools to help clean up your system.

Why it’s cool: In my role as Cool Tools columnist, I’m constantly installing and uninstalling programs, and that tends to drag down my computer. Most programs seem to do a good job when they get uninstalled, but sometimes they don’t, and you’re left with unneeded junk. After the System Mechanic was installed on my system, a quick two-minute analysis came up with eight problems that read like the “12 Days of Christmas” song. I had 21 repairable security vulnerabilities, 402 Registry problems, 4.54GB of system clutter, five unnecessary start-up items and a registry that wasn’t backed up. Luckily, cleaning up the system didn’t take long, and within 45 minutes of my first analysis, I had a cleaner system. The system also includes iolo’s ActiveCare software, which runs in the background to keep the PC optimized.

Some  caveats:  Some  quirky  things  on  my  PC  still  existed  after  I  ran 
System  Mechanic,  and  the  system  said  Windows  Firewall  wasn’t  enabled 
but  couldn’t  recognize  my  other  firewall  and  antivirus  programs. 

Grade:  ★★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 
AUTHENTICATION


Token  resistance 


Complex  biometrics  and  hardware  tokens  fail  to  win  widespread  acceptance; 
less  obtrusive,  behind-the-scenes  authentication  methods  gain  traction 


BY  JEFF  VANCE 


The need for strong authentication to protect online transactions and comply with new regulations spawned a host of start-ups over the past couple of years that offer exotic types of two-factor authentication.

Last year, we profiled several of those companies (see www.nwdocfinder.com/7921), which used such techniques as fingerprint scanners, facial recognition, biometric authentication based on typing patterns, and “cognitive biometrics,” which relies on a person’s memories of unique events in life.

Those complex authentication methods failed to gain broad adoption, however, and many of those companies are no longer around. Hardware-based tokens, which have been around forever, have failed to win many converts. And plain old user name and password, once thought to be an endangered species, is very much alive.

So, what happened?

Apparently, banks and other online companies decided that upsetting customers with convoluted authentication methods was a price they weren’t willing to pay. So, from a customer perspective, very little has changed.

“If they experience anything besides passwords — and many don’t — consumers typically encounter knowledge-based authentication,” says Mark Diodati, senior analyst of identity and privacy strategies for the Burton Group. Examples of this kind of authentication would be asking a consumer the name of his favorite pet or the name of the high school she attended.

“OUR RETAIL CUSTOMERS ARE RESISTANT TO BEING FORCED TO KEEP TRACK OF YET ANOTHER THING.”
JAMIE ASHFIELD, SVP OF E-COMMERCE SECURITY STRATEGY AND DEVELOPMENT, BANK OF AMERICA


Authentication goes undercover

Online companies nevertheless are doing more to make sure people are who they say they are — they’re just doing it behind the scenes. The most common tool is device recognition, usually a combination of a cookie or Flash object and other device specifics, such as IP address, time-zone setting, and operating system and browser. In theory these provide a second factor in the something-you-know, something-you-have, something-you-are authentication matrix. Your computer’s settings are something you have, while the challenge questions cover something you know.

Other types of behind-the-scenes protection, while not technically authentication factors, include geolocation and transaction monitoring. Geolocation restricts online activities to locations where customers typically conduct business. Combined with proxy detection, geolocation is a strong form of fraud protection — that bank transfer to (or from) Kenya or Uzbekistan will be tagged as very high-risk and may be blocked.

Transaction  monitoring,  at  its  most  basic,  targets  activities  that  are 
known  to  be  typical  of  fraud.  More  sophisticated  systems,  such  as 
those  from  Arcot  Systems,  Entrust,  RSA,  and  VeriSign,  develop  profiles 
over  time  for  individual  users’  behavior. 

“The classic manifestation of risk analytics is passive from the consumer’s perspective,” Diodati says. “What gets flagged are anomalies.”

Most people have established banking patterns. They log on from specific devices and locations. They make withdrawals within a certain dollar range. They pay the same bills every month. They take out large chunks of money a couple of times a year for vacations. Their behavior is predictable. If they break their normal patterns, however, they will be asked to further authenticate themselves.


Bank  of  America’s  SafePass 

This  is  exactly  what  Bank  of  America  (BofA)  is  doing  with  SafePass, 
an  optional  multifactor  authentication  program.  Customers  who  sign 
up  for  SafePass  get  a  one-time  passcode  (OTP)  sent  as  a  text  message 
to  their  mobile  phone. 

BofA is a top online-banking site, with 22 million subscribers and 11.6 million people paying bills online. Its SiteKey system is the de facto industry standard for front-door online-banking authentication. The system combines standard user names and passwords with an image that is seen at logon to prevent phishing, plus challenge questions and device authentication.

Why use mobile phones as an additional authentication factor? “Our retail customers are resistant to being forced to keep track of yet another thing,” says Jamie Ashfield, the bank’s senior vice president of e-commerce security strategy and development. “The big message we got over and over again was to put any additional security layers into something people already have.”

[Figure caption: Bank of America's SafePass system uses multiple levels of authentication. For activities with the highest risk, such as transferring large amounts of money, one-time passwords are required.]

The  mobile  phone  was  an  obvious  choice,  and  most  security 
experts  consider  out-of-band  authentication  as  a  strong  additional 
factor.  In  September,  BofA  began  offering  a  second  OTP  option,  a 
credit-card-sized  OTP  generator.  For  now,  the  OTP  card  is  “yet  another 
thing,”  but  expect  to  see  these  integrated  with  automated  teller 
machines  and  credit  cards  soon.  (The  bank  declined  to  name  the 
vendors  it  uses  for  its  security  solutions.) 

Today, SafePass is optional, but higher-risk activities are being used to drive adoption. Logging on from a new device, adding new payees or transferring large sums of money can’t be executed immediately without an OTP. “SafePass interacts with SiteKey. Instead of using two-factor for every sign-in, we’ve learned that most transactions are low risk, so we tie stronger authentication to high-risk activities,” Ashfield says.
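A sketch of the risk-based step-up logic the article describes (device recognition, geolocation with proxy detection, a per-customer transaction profile, and an OTP demanded only for anomalous or high-risk actions), given here as an added example rather than code from Bank of America or any vendor named in the article. The field names, the thresholds, the three decision labels and the sample profile are all assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass
class Profile:
    """What has been learned about one customer (field names are assumptions)."""
    known_devices: set = field(default_factory=set)
    known_payees: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    past_amounts: list = field(default_factory=list)


@dataclass
class Request:
    action: str              # "login", "add_payee" or "transfer"
    device_id: str           # outcome of device recognition
    country: str             # outcome of geolocation
    via_proxy: bool = False  # outcome of proxy detection
    payee: str = ""
    amount: float = 0.0


def amount_is_unusual(profile, amount, k=3.0, min_history=5):
    """Flag amounts far above the customer's own history (assumed rule)."""
    history = profile.past_amounts
    if len(history) < min_history:
        return True          # too little history to call anything normal
    avg = mean(history)
    slack = max(k * pstdev(history), 0.5 * avg)
    return amount > avg + slack


def evaluate(profile, req):
    """Return (decision, reasons); decision is allow, step_up or block."""
    reasons = []
    if req.device_id not in profile.known_devices:
        reasons.append("new_device")
    if req.country not in profile.usual_countries:
        reasons.append("unusual_location")
    if req.via_proxy:
        reasons.append("proxy")
    if req.action == "add_payee" and req.payee not in profile.known_payees:
        reasons.append("new_payee")
    if req.action == "transfer":
        if req.payee not in profile.known_payees:
            reasons.append("unknown_payee")
        if amount_is_unusual(profile, req.amount):
            reasons.append("unusual_amount")
    # A transfer from an unusual location through a proxy is refused outright.
    if req.action == "transfer" and {"unusual_location", "proxy"} <= set(reasons):
        return "block", reasons
    # Any other anomaly requires the one-time passcode before proceeding.
    return ("step_up" if reasons else "allow"), reasons


def record_success(profile, req):
    """Update the profile once the customer has passed the OTP challenge."""
    profile.known_devices.add(req.device_id)
    if req.payee:
        profile.known_payees.add(req.payee)
    if req.action == "transfer":
        profile.past_amounts.append(req.amount)


def sample_profile():
    """Constructed customer history used for the demonstration."""
    return Profile(
        known_devices={"laptop-1"},
        known_payees={"electric-co"},
        usual_countries={"US"},
        past_amounts=[120, 80, 150, 95, 110, 130],
    )


if __name__ == "__main__":
    p = sample_profile()
    for r in (
        Request("transfer", "laptop-1", "US", payee="electric-co", amount=140),
        Request("login", "phone-9", "US"),
        Request("transfer", "phone-9", "XX", via_proxy=True,
                payee="unknown-co", amount=5000),
    ):
        print(r.action, evaluate(p, r))
```

Routine activity passes without friction, which is the usability point the article makes; only the anomalous requests cost the customer an OTP round trip.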

David Shroyer, senior vice president, product manager, Online Security & Enrollment at BofA, argues that two-factor authentication is a small piece of the security puzzle. It’s effective against some types of fraud but not others. “Nothing is bulletproof, but the foundation of our approach is the ability to learn. Something might slip through today but it won’t happen again because we’ve seen it before,” he says. “The real beauty of this approach is applying what you learned from transactional and operational risk-detection strategies back to the front door.”

Two-factor  lags  outside  of  the  banking  industry 

The financial sector is by far the most aggressive industry segment when it comes to adopting two-factor authentication. Federal Financial Institutions Examination Council regulations have accelerated adoption, as have the relatively large risks that financial institutions face.

In  the  rest  of  the  world,  it’s  a  much  different  story,  however. 
Aside  from  online  banking,  instances  where  end  users 
encounter  two-factor  authentication  are  few  and  far  between, 
and  the  pace  of  adoption  is  very  slow  in  enterprises  in  general 
(beyond  the  financial  sector). 

There is one other sector where two-factor authentication is alive and well: the federal government. “One of the recommendations that came out of the 9/11 Commission was for federal agencies to strengthen the identity credentialing process and eliminate weak credentials for sensitive systems,” says Randy Vanderhoof, executive director of the Smart Card Alliance.

The  Federal  Information  Processing  Standards  Publication  201 
standard  “specifies  the  architecture  and  technical  requirements 
for  a  common  identification  standard.”  This  federal  standard  is 
commonly  referred  to  as  the  Personal  Identity  Verification  (PIV) 
standard. 

The deadline for agencies to comply with the PIV standard was Oct. 27, 2008. “The results of the Office of Management and Budget audit haven’t been released, so I don’t know how successful agencies were at meeting the deadline,” Vanderhoof says. “What has been reported is that 1.2 million smart cards have been issued as of September, out of about 2 million federal employees.”

Of course, the definition of a “smart card” is very broad. It could be a card, or it could be a secure e-credential on a USB token or a chip embedded into an ID badge. In fact, the ID badge could end up being the go-to form factor for strong authentication in the government, because it represents an easy way to combine credentials for physical access to buildings and other secure areas with credentials for logical access to electronic systems.

In  the  enterprise,  there's  the  power  of  leverage 

The  business  sector’s  path  to  adoption  has  been  much  slower. 
Yes,  there  is  an  alphabet  soup  of  regulations  out  there,  but  few 
address  authentication  directly. 

Businesses, however, have a key advantage over consumer-facing applications: leverage. “It’s not a big deal if your employer asks you to carry an authentication device, be it a USB token or a badge,” Burton Group’s Diodati says. The difference is ownership. Consumers may balk at having to carry tokens to get at their money, or having to install yet more software on their computers. In the enterprise, however, the building, the computers and often even the mobile devices are owned by the company. The enterprise sets the policies.

The  trouble  is  that  those  policies  are  all  over  the  map,  as 
are  the  various  types  of  authentication  being  deployed. 

Large  CPA  firm  deploys  USB  tokens 

Virchow Krause & Company is the 15th-largest certified public accounting and consulting firm in the United States. With more than 1,300 associates and offices in Michigan, Illinois, Minnesota and Wisconsin, it investigated the most cost-effective way to improve security, and concluded that doing away with passwords would deliver the most value.

“Our associates are highly mobile, and we’re in an industry that must comply with numerous regulations,” says Matt Jennings, who’s the senior manager for Virchow Krause’s IT group. “We needed a two-factor solution that would have as small a footprint as possible.”

Virchow Krause adopted Gemalto’s .Net dual USB tokens. They provide two authentication options, an OTP generator (and display), and built-in smart card technology to store public-key infrastructure certificates. These eliminate passwords, but users still must remember a PIN to access the device. Gemalto’s tokens also integrate with Microsoft’s Windows Vista and XP without any middleware requirements.

Associates now have a secure way to remotely access company applications on the road, at public terminals or behind client firewalls. The cost — about $150 per user — is competitive with the cost of passwords alone, which require a lot of help desk support for resets. “The cost is a tiny sliver of our overall security and user-support costs,” Jennings says.

Yet  another  regulation  in  the  mix 

Arise Virtual Solutions provides virtual call-center services to clients in such industries as retail, transportation and computer technology. Arise’s 8,000 call center representatives work from remote or home locations, and because many operators collect such personal information as credit card data over the telephone, Arise must achieve Payment Card Industry (PCI) compliance. The PCI Data Security Standard applies to retail merchants and online service providers transmitting consumer credit card information.

With such a large, dispersed workforce, Arise needed something that would be easy for IT to manage and convenient for workers to use. Based on these criteria, it deployed RSA’s SecurID, which can be delivered via USB tokens, software interface or browser toolbar.

“We’re trying to move as many agents as possible to software-based authenticators,” says James Walkers, the CTO of Arise. “Software is more cost-effective and it solves a lot of administrative problems, while delivering security on par with hardware-based solutions.”

Crawling  towards  standards 

Because the definition and deployment of strong authentication is so varied, a number of organizations are advocating standards. These include the Organization for the Advancement of Structured Information Standards, the OpenID Foundation, the Smart Card Alliance and the Liberty Alliance.

To help make sense of the many authentication options on the market, the Liberty Alliance has developed the Identity Assurance Framework, which rates the level of certainty that the people presenting themselves in electronic transactions are who they say they are. The certainty varies from one (low) for something such as passwords to four (high) for something such as biometrics or an out-of-band second factor of authentication.

“There’s more than just technology involved in the ratings,” says Roger Sullivan, president of the Liberty Alliance. “You must also consider the business relationship. Business partners must audit each other to see if they’re trustworthy, and you need increasingly higher levels of trust as the dollar amounts in transactions get higher.”

Sullivan also believes that the current economic crisis could pave the way for stricter identity requirements. “We’re already hearing the drumbeat for increased regulations as a backlash to the Wall Street bailout. If regulations start restricting access to various types of information based on roles, identity will have to be addressed. You can’t create role-based restrictions without identity management at the core, and industrywide identity management can only be accomplished through a standards-based approach,” he says.

Will standards lead to some kind of Holy Grail of authentication, a simple, unified form of strong authentication? “There’s a vision of that,” the Smart Card Alliance’s Vanderhoof says. “Microsoft has made plenty of announcements around CardSpace, and there is a lot of investment at the operating system and server level.” (Microsoft advocates its own uber-plan, CardSpace, and such competitors as Google and IBM advocate a different approach, an open source identity-management platform called the Higgins Project.) “What will probably happen is that smart cards will become transportable, possibly able to move from one form of ID to another. I’d say that’s more likely than a single super ID,” he says.

Vance is a freelance writer. He can be reached at jeff@sandstormmedia.net.
Where are they now?

How  six  start-ups  fared  in  the  two-factor  authentication  market 

BY  JEFF  VANCE 


We focused on six start-ups in our May 2007 story. Only two are still operating with the same name and the same product line.

Pay By Touch (see www.nwdocfinder.com/7921) has gone bankrupt. Its kiosks, which let consumers make purchases with a fingerprint scan, were deployed in more than 3,000 retail locations, mostly in Europe and Asia but also at some Albertsons, Jewel-Osco and Lowes Foods stores in the United States. Founder John P. Rogers is facing a number of investor lawsuits, and the company’s assets were purchased by CardWorks Processing in April.

Cogneto, which offered cognitive or memory-based authentication, has gone through a lot of turmoil. It split into two companies, one in Canada, one in London. The Canadian version has filed for bankruptcy while the London Cogneto is a one-person operation that “doesn’t have any customers” and has “burned through about $5 million,” according to David Eppert, who originally developed the product’s intellectual property and sold it to Cogneto.

Now, Eppert has reacquired the intellectual property and patents and formed Think Security. “The big problem with authentication is that everyone uses sensitive information to authenticate. Even biometric databases can be hacked. We’re working on a way to authenticate without using sensitive data,” he says. He declined to disclose further details of how this works and how Think Security databases repel hackers.

Two start-ups, Passfaces and Porticus Technology, exist pretty much as they did in May 2007. Passfaces relies on the fact that the human brain is wired to recognize faces. Passfaces presents a grid of faces, from which you pick the one you recognize. After clicking through a few grids, your pattern of recognition can be counted on to identify you uniquely as a biometric factor. The company just signed up a Wisconsin credit union, which declined to be named. “This credit union proves that our solution scales,” says CEO Paul Barret. “It only took a couple of months to roll it out to all of their customers, and it dramatically reduced their support costs.”

Porticus hasn’t disclosed any customers, but it recently signed a partnership with BBN Technologies, the result of which will be a voice-recognition transcription service. According to CEO Germano Di Mambro, the company is raising a new round of funding and has several customer deals nearly closed, including one with a major smartphone provider. Porticus also recently appointed a new CTO, Jerry Ruggieri, formerly with Fidelity Investments.

BioPassword is now doing business as AdmitOne Security. The company’s core technology identifies individuals by their unique keyboard typing patterns. AdmitOne, however, has broadened its technology recently. “Keystroke recognition is just a factor, not a complete solution, and customers want complete identity assurance solutions,” says Matthew Shanahan, senior vice president of marketing and strategy. AdmitOne’s portfolio now includes risk-based authentication and revenue recovery. Customers include Bank of Sacramento and Parsons, Behle & Latimer.

Finally, Encentuate, which authenticated users via RFID tags that could be attached to ID badges or mobile phones, was acquired by IBM in March. Financial terms were not disclosed.


The  science  behind  Passfaces 


1. Passfaces takes advantage of the human brain’s innate ability to recognize faces.

2. In the Passface enrollment process, users practice picking out a preselected “Passface” from a group of nine faces.

3. When authenticating for real, users identify the Passface from a grid that includes eight decoy faces. They don’t need to memorize a password or PIN.

4. The 3-by-3 grid makes it easy to use Passfaces on other devices, such as cell phones.
Cisco

continued  from  page  1 

example of that pronouncement will be a new Cisco blade-server system expected next year. This will take the company into the data-center compute space, right up against longtime stalwarts — and until now, Cisco partners — IBM and HP.

Cisco officials interviewed at last week’s C-Scape conference would neither confirm nor deny that this system is in development — its code name is “California Server,” according to sources — but its impact will be substantial in the market and on its current relationships with compute partners.

“I’ve seen the product,” said Vikram Mehta, CEO of Blade Network Technologies, a supplier of blade server switches to IBM, HP, Dell and others. “I think I know what Cisco’s trying to do. Servers are a $60 billion market. And if you’re the size of Cisco — $40 billion — you’re looking for the next multibillion dollar market to jump into. There aren’t a lot of adjacent markets, so they decided to step on their partnerships and take these guys head-on to get a slice of the server action.”

Blade Network, a private company that just announced a record fourth fiscal-quarter in terms of growth in its Ethernet port shipments, believes Cisco’s entry into the market will only strengthen the ties Blade has with IBM and HP, Mehta said.

There’s not much difference between “California” and existing blade servers for data centers, but there will be a Cisco-specific twist on it to justify its cost and profit margins, Mehta said. It is an internally developed system based on Intel x86 processors and a Linux operating system, and it embeds Cisco’s recently introduced Nexus 5000 data-center switches, other sources say.

In  addition,  California  is  expected  to  support 
Cisco’s  unified  fabric,  which  supports  multiple 
types  of  data-center  traffic  over  a  single  Ether¬ 
net  host  bus  adapter,  data-center  automation 
tools  and  deep  integration  with  VMware 
Infrastructure. 

Cisco,  meanwhile,  believes  there  are  areas 
within  the  data  center  beyond  networking 
where  it  can  iron  out  “seams”  of  technology 
among  servers,  switches  and  storage  devices, 
said  John  McCool,  senior  vice  president  and 
general  manager  of  Cisco’s  Data  Center  Switch¬ 
ing  and  Services  group. 

“I can’t comment on an unannounced product,” McCool said about California. “I would say though, that you see what we’ve done with the [Nexus] 1000V — the interesting things now are happening at the seams of technology. Obviously we represent the networking component. But you have a virtualization layer that’s now emerged in data centers, and you have compute. We’re very much interested in making the whole environment — we call it unified computing — a homogeneous environment by making those seams not look like gaps in IT,” he said.

Cisco’s  Nexus  1000V  is  a  software  switch  that 
runs  on  multivendor  servers.  It  takes  a  virtual 
machine’s  network  and  security  properties 
with  it  while  the  virtual  machine  is  moved 
around  the  data  center. 

McCool  was  philosophical  about  the  poten¬ 
tial  impact  Cisco’s  data-center  expansion  will 
have  on  current  partners. 

“We  see  such  a  shift  in  the  technology  land¬ 
scape  with  virtualization  that  it’s  creating  a  new 
set  of  challenges  that  have  to  be  innovated,” 
McCool  said.  “I’m  sure  those  companies  are 
looking  at  their  own  vectors  of  innovation  on 
how  to  address  this.  Change  bring  challenges; 
challenges  hopefully  bring  innovation.  We’ve 
decided  to  embrace  the  challenge  and  believe 
that  we  can  innovate. 

“I would think the nature of partnerships in general is going to change,” McCool said. “The nature of large organizations, especially solving customer problems, there’s going to be a little bit of overlap, a little bit of collaboration.”

Analysts  say  the  company’s  overall  IT  ambi¬ 
tions  will  be  Cisco’s  most  daunting  hurdle  in 
the  coming  year. 

“Can  they  really  make  the  credible  transition 
to  an  IT  vendor  from  a  networking  vendor?” 
asks  Zeus  Kerravala  of  The  Yankee  Group. “That 
is  their  absolute  biggest  challenge  because 
that  gets  them  into  a  whole  different  set  of  buy¬ 
ing  criteria.” 

The  unified  communications  manifesto 

A  buying  criterion  Cisco’s  most  familiar  with 
is  networking,  particularly  LAN  switches. 
Cisco’s  Big  Bang  switching  upgrade,  hinted  at 
last  spring,  will  emerge  in  January  and  encompass
more  than  just  the  Catalyst  6500,  as  initially
expected.

The  emphasis  on  Big  Bang,  the  code  name 
for  the  switching  upgrade,  will  be  green  and 
apply  to  Cisco’s  entire  switching  portfolio,  said 
Marie  Hattar,  vice  president  of  network  systems
and  security  solutions  at  Cisco. 

“It’s  an  evolutionary  capability.  It’s  not  a 
new  platform,”  Hattar  said.  “It’s  really  more
tied  to  green  capabilities,  and  how  the  network
really  enables  those  types  of  capabilities.”
She  would  not  divulge  any  further
details  on  Big  Bang.

Next  year  will  also  see  Cisco’s  collaboration
portfolio  progress  with  a  new  release  of  its
unified  communications  software  that  will  let 
companies  collaborate. 

Cisco’s  Unified  Communications  System  7.0, 
which  was  unveiled  in  September,  enables 
companies  to  collaborate  internally.  The  2009
release  will  enable  intercompany  collaboration
among  business  partners,  suppliers  and
customers,  according  to  Barry  O’Sullivan,
senior  vice  president  of  Cisco’s  Voice  Technology
group.

“In  2009,  you’ll  see  business-to-business  unified
communications”  from  Cisco,  O’Sullivan
said. “We  have  60,000  customers,  and  there’s  a 
huge  opportunity  to  connect  them  all  over  the 
Internet.” 

The  software  will  enable  IT  organizations  to 
configure  security  and  QoS  policies  for  communications
with  companies  they  trust,  O’Sullivan
said.  It  will  employ  the  Session  Initiation
Protocol  for  call  setup,  and  allow  companies  to
establish  presence  “federations”  for  groups  of 
collaborative  workers. 

Cisco’s  WebEx  Connect  product,  which  also 
debuted  last  September,  will  be  the  tool  by 
which  these  companies  can  federate,  O’Sullivan
said.

Cisco  has  prototypes  to  demonstrate  the 
capabilities  of  the  new  software,  but  no  trials 
yet.  Target  trial  customers  include  those  in  the 
supply  chain  and  manufacturing  verticals, 
O’Sullivan  said. 

The  system  will  let  users  build  hybrid  premises
and  on-demand  intercompany  collaboration
networks,  which  combine  the  capabilities
of  Cisco’s  Unified  Communications  Manager  IP 
telephony  platforms  and  the  WebEx  Internet 
conferencing  system.  Video  also  will  be  a  key 
component  of  the  system,  but  may  not  be 
accessible  from  mobile  devices  because  of  the 
bandwidth  limitations  of  wireless  networks, 
O’Sullivan  said.  ■

The  G1  and  Google’s  Evil  Quotient


BACKSPIN
Mark  Gibbs

A  couple  of  weeks  ago  in  Gearhead
(www.nwdocfinder.com/7938)  I  wrote
about  how  impressed  I  was  with  the  T-Mobile
G1  cell  phone  —  the  one  based  on
Google’s  Android  operating  system.  I  was  so
impressed  I  gave  the  G1  a  rating  of  5  out  of  5.

Reader  Burt  Bossi  wrote  in  to  stick  it  to  me:
“How  can  you  possibly  rate  this  G1  device  a  ‘5
out  of  5’  immediately  after  you  said  the  camera
lens  is  poor,  there  is  no  zoom,  handset  sound  sucks,  there  is  no  Flash
support,  and  it’s  already  showing  signs  of  mechanical  breakdown  on
the  swivel  keyboard?  If  there  were  no  problems  would  you  have  rated
it  7  out  of  5?”

I  felt  the  G1,  despite  the  flaws  I  identified,  was  a  significant  product
with  enormous  potential  in  the  corporate  and  consumer  market. 
Moreover,  it  is  the  best  competition  to  the  iPhone  I’ve  seen  and  it  could 
prevent  the  “superphone”  market  from  being  a  one-horse  race. 

Now,  if  I  could  have  awarded  fractional  ratings  I  might  have  gone  for 
4.8  or  4.9  rather  than  5  so  you  might  think  of  my  rating  as  a  “rounding 
up”.  That  said,  I  have  since  discovered  some  problems  with  the  G1.

First  the  minor  stuff.  Battery  life  is  a  problem  the  G1  and  iPhone  have
in  common.  On  the  G1,  if  you  enable  GPS,  Wi-Fi  and  Bluetooth,  along
with  a  few  of  the  “chattier”  Android  applications  that  communicate
with  various  Internet  services,  your  power  will  disappear  faster  than  a
bank  that  has  just  been  handed  a  share  of  the  bailout  pot. 

The  Android  operating  system  itself  appears  to  have  a  few  minor 
problems.  It  occasionally  gets  over-enthusiastic  and  scrolls  lists  more 
vigorously  than  you  want  and  it  can  be  slow  to  respond.  Also,  the  entire 
system  crashed  on  me  three  times  for  no  obvious  reason,  but  did 
recover  after  a  couple  of  minutes. 


So  that  was  the  minor  stuff.  Now  let’s  get  to  the  big  warty  things.  In  my 
column  I  discussed  how  Apple  had  reserved  a  backdoor  into  the 
iPhone  that  would  allow  the  company  to  remotely  remove  any  application
it  doesn’t  approve  of.  I  had  researched  the  issue  of  whether
there  was  a  backdoor  in  the  G1  and,  finding  nothing,  assumed  Google
had  avoided  being  evil. 

Reader  Steven  Klein  informed  me  that  such  a  thing  does  exist,  and 
the  reason  I  hadn’t  found  it  is  Google  calls  it  a  “killswitch”.  That  said,
there  is  a  difference.  Unlike  Apple,  Google  can  only  remove  applications
that  have  been  downloaded  from  the  Android  Marketplace.

Also,  as  to  the  openness  of  Android  as  implemented  on  the  G1,  well,
there  is  a  limitation.  Up  until  the  R30  release  of  Android  you  could  get 
access  to  the  shell,  but  the  update  removed  that  facility  which  annoyed 
a  lot  of  tech  folks. 

So,  here’s  the  thing:  Do  these  warty  things  constitute  “evil”  behavior? 
The  fact  that  the  phone  is  locked  to  a  single  provider  is  kind  of  evil, 
although  as  a  first  step  into  the  market  it  is  arguably  justified  (that  said, 
teaming  with  T-Mobile  qualifies  as  downright  evil,  in  my  book). 

The  killswitch?  Again,  not  completely  evil  as  it  has  limited  scope,  but 
then  again,  neither  is  it  not  evil.  Removing  shell  access?  Definitely  more 
evil  than  otherwise. 

So  weighing  up  Google’s  Evil  Quotient,  when  it  comes  to  the  G1  I
have  to  judge  the  company  around  50%  evil.  And  the  G1  itself,  I  have  to
downgrade  it  to  4  out  of  5,  which  for  me  means  it’s  definitely  going  to
be  goodbye  T-Mobile.  The  G1  almost  persuaded  me  to  stay  but  now  it’s
off  to  AT&T  and  the  iPhone.  To  quote  the  Hitchhiker’s  Guide  to  the
Galaxy:  “I  wonder  if  it  will  be  friendly?”

Gibbs  is  jumping  cellular  ship  in  Ventura,  Calif.  Expose  your  carrier  to
backspin@gibbs.com.

The  ultimate  artificial  intelligence  wizard?


The  military’s  expert  R&D  arm  isn’t  always 
about  making  bigger,  better  things  that 
blow  up  or  fly  fast;  sometimes  it  wants  to 
develop  scarier  things  like  avant-garde  artificial 
intelligence  software.  In  this  case,  the  Defense 
Advanced  Research  Projects  Agency  (DARPA) 
is  looking  to  build  something  known  as  a  Machine
Reading  Program  that  can  capture  knowledge
from  naturally  occurring  text  and  transform
it  into  the  formal  representations  used  by  AI  reasoning  systems.

The  idea  is  that  such  an  intelligent  learning  system  would  unleash  a 
wide  variety  of  new  AI  applications  —  military  and  civilian  —  ranging 
from  intelligent  bots  to  personal  tutors,  according  to  DARPA. 

For  example,  all  of  the  text  in  the  Web  would  become  available  for 
automating  the  monitoring  and  analysis  of  nations’  technological  and 
political  activities;  plans,  rhetoric  and  activities  of  transnational  organizations;
and  scientific  discovery  in  various  disciplines,  DARPA  states.  As
digitized  text  from  library  books  worldwide  becomes  available,  new
avenues  of  cultural  awareness  and  historical  research  will  be  enabled.
With  truly  general  techniques  for  effectively  handling  the  incompatibilities
between  natural  language  and  the  language  of  formal  inference,
a  system  could,  in  principle,  be  constructed  that  maps  between  natural
and  formal  languages  in  any  subject  domain,  DARPA  says.

The  agency  adds  that  nearly  all  successful  AI  systems  today  succeed 
because  they  possess  sufficient  consistent,  relevant  knowledge  about  a 
given  problem.  However,  because  large  amounts  of  knowledge  are 
almost  always  needed  for  this  success,  AI  systems  require  this  knowledge
to  be  expressed  in  a  logical  formula  of  some  type.  Manually
encoding  such  knowledge  can  become  prohibitively  expensive.
Because  text  is,  by  far,  the  most  flexible  and  ubiquitous  medium  used
to  capture  knowledge  about  the  diverse  areas  of  human  interest,  it  is
natural  to  consider  making  it  feasible  for  AI  reasoning  systems  to
employ  this  vast  store  of  human  knowledge.  As  AI  systems  currently 
cannot  use  such  knowledge,  it  would  be  revolutionary  if  technology 
could  be  developed  to  bridge  this  gap,  DARPA  says. 

The  problem  is  reading  and  understanding  —  the  necessary  information
is  available,  but  rarely  in  a  form  that  can  be  used  by  current  AI  systems,
DARPA  says.  For  example,  the  military  frequently  faces  impediments
to  stability  and  reconstruction  operations  in  a  new  location  due
to  the  lack  of  understanding  of  the  local  situation.  Similarly,  strategic
assessment  of  a  foreign  nation’s  science  and  technology  involves  the
continuous  assessment  of  technical  articles,  bibliographies  and  conference
agendas.  This  information  is  often  available  on  the  Web,  and  some
tools  to  assist  this  analysis  are  available,  but  the  process  would  be
enhanced  by  a  system  that  could  directly  analyze  such  text  information.
The  same  reasoning  could  be  equally  valuable  if  applied  to  other
types  of  open  source  intelligence  analysis,  including  assessing  military
readiness;  political  speeches,  actions  and  more  obscure  messages;  economic
trends  and  sentiments;  and  propaganda  from  terrorist  groups
and  even  their  hidden  Web-based  communications. 

How  such  software  will  ultimately  be  contracted  and  developed  will 
be  big  issues.  Some  of  the  requirements  are  extensive. 

DARPA  has  been  interested  in  exploiting  the  promise  of  AI  for  years. 
Earlier  this  year  it  approved  the  second  phase  of  AI  technology  that 
will  help  automate  military  air  traffic  control.  The  Generalized
Integrated  Learning  Architecture  system,  developed  by  Lockheed 
Martin’s  Advanced  Technology  Laboratories,  is  intended  to  help  the  Air 
Force  in  particular  keep  airspace  operating  safely  with  increased  air 
traffic  and  the  advent  of  unmanned  aerial  vehicles. 

If  you  have  any  artificial  intelligence  or  just  plain  old  intelligent  news, 
please  let  me  know  at  mcooney@nww.com 